It certainly is a balance between keeping phones for longer and keeping them secure enough. On the bright side, google is promising 7 years of updates for the pixel 8. We’ll see if they can deliver on it, or perhaps this is a sign that they are about to kill the pixel line. Say what you want about Apple, but their updates usually last as long as the phones are generally still usable, so there is less of a conflict to replace an iphone based on security updates.
I don’t think that I am too paranoid about security, but I do want to be better than average to reduce the chances of getting hacked/phished/infected/voodoo cursed. It’s kinda like bears in the woods. You don’t have to outrun the bear, you just have to outrun your buddy. Sure it might be inconvenient with long passwords and 2fa, but for me, the effort is worth it. Also, I’m not 100% confident in my backups, so I am investing my tech points in phone security.
This CVE was noteworthy and affected some of the pixel phones.