While this idea sounds interesting at first glance, I think it misses one fact: we are in contact with the core teams of the cmses we support (currently joomla and mambo), and would react immediately to severe security issues, even before the security release.
As a matter of fact, I have been either pointing at or raising a rather significant part of joomla security issues/fixes in the last 4 joomla 1.0 releases...
CB 1.2 is a different story, as Joomla 1.5 is not a security release, compared to joomla 1.0, which is still maintained in the foreseable future regarding security issues. CB 1.1 runs on Joomla 1.5 with legacy layer on (and in some cases with a few bugfixes documented as stickies in this forum).
And if you ask people about a lite version, their definition would vary by lots...
Plus maintining 2 CB versions would not make development faster...