I am not saying that Windows 10 is 100% secure, but it gets patched none-the-less. Windows 7 isn't going to get patched anymore. Remember WannaCry Ransomware in 2017? It infected mostly Windows XP. It had patches but organisations didn't bother to install them. This is one way in which Windows 10 is safe, as the updates keep getting installed automatically. Had they patched theirs before, WannaCry wouldn't have done so much damage.
Yes, but the more Win10 becomes prevalent, the more malware writers will target it. Win7 will be let's say more vulnerable, but patches won't save Win10 either, because only the most incapable malware writer will make a malware that can't infect Win10.
The only certain thing an attacker knows about potential defenses is the OS and WD. By the time a malware is spread, defenses adapt, malware writers dont' expect their malware to "work" eternally either. They will just write another or a new variant. If you use 3rd party programs that can block the malware, you are most likely safer than having Win10 at "default" configuration. Because when the malware is still "fresh", it will be coded to infect Win10 + WD. Win7 may be more vulnerable for longer period of time, because it will be unpatched, but the malware must first land on your installation, which might depend not on the OS itself but other program (like the browser). And if something manages to land and try to exploit a kernel hole, well, ok, if you don't have a 3rd party program, you are toast.
But after 20 years of reading security forums, i am not so prone to panic anymore about these "impeding threats" that await around every corner, because i haven't really seen them. I had arrived to the point to downloading malware on my own to test them in Shadow Defender, just to see my antivirus "work". I can't explain how people get so easily infected other than clicking on their own to unknown origin executables or sharing infected USB keys.
One thing i 've realized over the years. If one super-hacker wants to infect you, he will, no matter how well patched OS you have. But unless you are a mega-corp, you aren't worth his time.