Wondering if them telling me 'its secure' is true or should I dump them;
Personally, a few versions behind, sure.... I get it, day 1 issues happen..... but running things that are EoL :\ that just screams 'OH NO' to me.
Thoughts?
Yes, from the security point of view you should get a new server with CloudLinux 8 and the latest cPanel/WHM version installed then migrate your websites from the old server to the new server.
Well here's your official answer - we never recommend running EOL anything, so if that host is refusing to update/upgrade, I would think it's time to move on as saying that is secure is just not truthful.