You can't make any predictions about what will happen when open-source software is forked. Sometimes the fork dies, yes. Sometimes it supplants the original. Sometimes they merge back together. And sometimes both the original and the fork continue on side-by-side for many years. Pale Moon, at least, currently has an active enough community around it that I wouldn't expect it to be at risk for a while yet (by which time, Firefox may have morphed again). And it's definitely a better choice than someone staying with an unmaintained Firefox version because of an extension they're not willing to give up. There are people who do that kind of thing, you know.
As for the lack of security fixes in unmaintained add-ons, on the one hand, it doesn't actually matter until a security issue turns up—not all of these add-ons are large or contain any security-critical code. On the other hand, you have to accept that you're doing something slightly risky that isn't really best practice. So it's another trade-off. Old Firefox extensions are unlikely to be attractive hacking targets, though, simply because not many people are using them.