Because Bireli is project template, once it has been used for a project it is not used anymore in the project itself. Because of this we don't need to ensure security for a project life since it the role of project author.
However, Bireli may contains things which involve to create a project with existing security issues.
So we will only port security fix to the last released version. User are expected to upgrade to last Bireli version for security fixes.
You are free to report vulnerability as an open issue in all case.