This is one of the few areas where I think Apple could learn a bit from Microsoft.
Microsoft's Support Lifecycle policy (http://support.microsoft.com/lifecycle/) means as soon as a product hits, we know how long it's going to be around and will be supported for, and can plan accordingly.
It includes dates that it will stop being sold, dates that feature requests and bespoke patches will stop, and, most importantly, the date that critical security updates will stop, all laid out up to 7 years ahead of time.
You may grumble that it's not a long enough timeframe, but at least you can't say you weren't warned beforehand, and knew how long it was before you product would remain unpatched before purchase if you cared to look.
Take the Apple XServe issue: From a current, shipping product to discontinued in a little under 4 months, with spares only guaranteed until the end of your current Applecare Agreement. Just reading the apple forums, it threw a major and unexpected spanner into some customers lives: http://discussions.apple.com/thread.jspa?threadID=2638103&tstart=1
Apple likes playing things close to their chest, which obviously works well for them, but if they took on-board some of lessons Microsoft learned through it's trustworthy computing initiative - consistent security bulletin procedures, defined disclosure procedures, and well publicised roadmaps and lifecycles - think how much more confidence SMB and enterprise IT would have in putting Apple product front and centre of their long term planning - something many are reluctant to do for these kind of issues.