(Given the nature of this feature I'd really like to have it in LTS ASAP, therefore marking this as Bug so it shows up on the candidates list)

As announced on the developers mailing list, we will start releasing security advisories about unmaintained plugins with security vulnerabilities without a fix if necessary:
https://groups.google.com/d/msg/jenkinsci-dev/NaAqqChOVmY/BvA_TuzjAQAJ

These plugins need to be marked as 'unsafe' in Jenkins.

• backend-update-center2 needs to be extended (perhaps as separate Downloadable?)
• Core needs to be extended to
  • consume the new metadata
  • show warnings in appropriate places (admin monitor for installed plugins, plugin manager for updates and available/installed plugins)