All perfectly true, but this zealous approach tends to ignore security economics. Most of the supposedly “broken” cipher suites still require significant resources to break a specific instance. For a start, for an SSL weakness to be exploitable, the attacker needs to be able to intercept the encrypted traffic in the first place. GCHQ (wlog) may have no problem with that, but mostly it is quite hard to read, let alone modify, somebody else’s network traffic. Having got the traffic, even a “weak” cipher is likely to need substantial compute power to decrypt (it was “strong” a few years ago, remember). I think it is fair to say that it is not plausible that anybody would put such effort into reading SOTAwatch traffic, and it wouldn’t do them much good if they did.
The same argument applies a fortiori to attempts to mount a man-in-the-middle attack to alter the traffic.
I would expect my bank’s web site and anything handling sensitive personal data to insist on the latest security standards, but I venture to suggest that it would do no harm, and much good, for a hobby site to continue to allow the older cipher suites. Of course that may not be possible if the security zealots have actually deleted the code, but quite often you find that they have merely changed the default options and it is possible to restore support for legacy cipher suites in a configuration file. Newer clients should still negotiate the stronger suites, so they are no worse off.
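An added example, not part of the post above: a simplified model of TLS 1.2-style cipher suite selection, showing which suite each kind of client ends up with when a server keeps legacy suites enabled. The suite lists, the client and server profiles, and the `negotiate` and `outcomes` helpers are constructed for illustration.

```python
"""Simplified model of cipher suite selection (TLS 1.2 style); illustrative only."""

# Constructed lists using OpenSSL-style names; the strong/legacy grouping is an assumption.
STRONG = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]
LEGACY = ["AES128-SHA", "DES-CBC3-SHA"]

SERVERS = {
    "strict": STRONG,            # legacy suites disabled
    "compat": STRONG + LEGACY,   # legacy suites restored, listed after the strong ones
}
CLIENTS = {
    "modern": STRONG + LEGACY,            # offers strong suites first
    "old": LEGACY,                        # cannot do any strong suite
    "misordered": [LEGACY[0]] + STRONG,   # supports strong but lists a legacy suite first
}

def negotiate(client_offer, server_suites, server_preference=True):
    """Return the first mutually supported suite, or None (handshake failure).

    server_preference=True walks the server's list in order; False walks the
    client's list, so the client's ordering wins.
    """
    if server_preference:
        ordered, other = server_suites, client_offer
    else:
        ordered, other = client_offer, server_suites
    allowed = set(other)
    return next((s for s in ordered if s in allowed), None)

def outcomes(server_preference=True):
    """Map (server, client) -> negotiated suite for every pairing."""
    return {(sn, cn): negotiate(c, s, server_preference)
            for sn, s in SERVERS.items() for cn, c in CLIENTS.items()}

if __name__ == "__main__":
    for pref in (True, False):
        print(f"server_preference={pref}")
        for (sn, cn), suite in outcomes(pref).items():
            print(f"  {sn:7} {cn:11} -> {suite or 'handshake failure'}")
```

Only the `misordered` client on the `compat` server changes between the two runs: with legacy suites enabled, a client that supports strong suites is guaranteed one only when the server enforces its own ordering with the strong suites listed first.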