It's not rocket science: someone on your distro's team just needs to update it ONCE A YEAR. If that is too onerous for them, then I'd prefer that they not distribute my software at all.
And that just goes to show that he knows not what CentOS is - since clearly he doesn't realise that it is NOT distributed by CentOS at all. I suspect RH don't touch it for this very reason.
If you don't like the way XScreenSaver works, then don't run it. I hear GNOME Screensaver is a thing that also exists. See how that works out for you instead."
I didn't know a screensaver was that critical.
I tend to go along with Gnome when it comes to screen savers: they serve no purpose what so ever other than eye candy. Don't bother with them. Just configure Gnome to lock the session and blank the screen so the monitor turns off.
If your corporate masters require uplifting messages to be shown on all the screens, then require them to provide you with the resources to sort out the software.
P.