There's probably some super legacy vulnerabilities that are risky due to the interconnectivity with accounts that's not worth the investment to fix for the super old platform. Rather than leaving the exposure outstanding while finding the expertise to fix ancient tech, shut it down for now, see if the functionality can be lived without, and reintroduce something on modern hardware that's more readily and easily maintainable from the backend if necessary.