Oh come on, have you ever seen any successful attacks due to TLS 1.0 encryption? For decades, most websites have not used SSL at all, and attackers don't attack through SSL protocols anyway but simply attack endpoints. Caling TLS 1.0 a "major" risk is more than exaggeration. It is a very low profile, tiny risk - if at all. You also have to consider that TLS 1.0 is only used if an ancient browser connects. All newer browsers have dropped support of it for years, so it's really almost never used as browsers don't connect with it anyway. If you don't want to have it for compatibility reasons, drop it, but calling it a "major" risk is beyond reason.