The unfortunate part is that a "secure" jailbreak is absolutely possible, or at least mitigations for the vulnerabilities used to achieve the jailbreak. It seems there is not much demand for it though.
There are always other vulnerabilities that might not have been noticed that Apple fixes in later versions, though; like: jailbreaks that fixed their own exploit behind them and the handful of other known bugs weren't really sufficient. What really needs to happen to make this viable is for Apple to just let people do this kind of stuff without the need for them to have made a mistake in their security. They think they are smarter than everyone else, though, and if you are building something great that would run on their hardware that can't be done as an "app" you should just be working for Apple and be part of the smart club, so with that attitude they have this strategy to just coddle the user base so that they can't do anything dumb (as, to be very clear: I absolutely do not consider "user downloaded something evil from someone random and explicitly gave it permission to do something horrible" a security problem any more than a user can pick up a knife and stab themselves with it: that doesn't mean that all knives everywhere should be designed with a DRM that makes their sharp edges only work on certain kinds of branded food).
To expand on your first sentence: some past jailbreaks allowed booting different versions of iOS than the one with the bug, because they were lower-level (bootloader based). So you could upgrade for security fixes, upgrade for the latest features, or restore to fix a hosed system, all without losing your jailbreak. For a long time I wanted to implement that for userland jailbreaks, but I never did, and now it’s not really possible anymore. But that would have solved the “jailbreaks are inherently insecure” problem.
But yeah, much better if the cat and mouse game weren’t necessary to start with.
