Until the day comes when an application isn't updated with a patched library and people get hacked. This is the reason why I'm not so keen on statically linked applications. I'd rather my applications focus on their concerns and link to shared libraries for stuff like SSL and so on. This means the SSL people can focus on shipping secure SSL libraries and application people can focus on shipping applications built on secure shared libraries.
This is an unlikely scenario. Most vulnerabilities are not in shared libraries. If you don't update your software, either it doesn't matter, or you eventually run into security issues.
Optimizing for the unlikely scenario is not a worthy tradeoff. Focusing on shared libraries can indirectly lead to less security overall, because people run outdated software, because of dependency hell leading people to defer upgrades.
