I meant it the other way around. Those that are still in their boxes are the ones that are most at risk. The issue is described here.
You should certainly go ahead regardless.
That is exactly the problem. When the hub is manufactured a security certificate is installed which is used to verify access to SmartThings update servers. This certificate expired at the beginning of March this year. The SmartThings hub doesn’t have a battery backed clock so when you turn it on it will typically start from the beginning of time (which is in 1970) and so not know the certificate has expired. Unfortunately it soon finds out using NTP. As the link above explains, the trick is to temporarily block access to the time servers somehow until the hub has downloaded firmware updates which include a replacement certificate. Lots of routers can do this but equally plenty can’t. Also some ISPs implement parental access by preventing the addresses of certain servers being looked up, so that is another approach.
The starting point is to try and installation and see where you get to.