FW 1.0-4.1.0 are pretty much blown wide open.
Multiple people have coldboot with full exploit chains on all current firmware.
The 3 key firmwares right now are 1.0.0, 3.0.0, and 4.1.0.
1.0 is the oldest, has the most flaws, and already has the most work put into it making it the easiest to release for first. Plus why update past this, if you happen to have this?
If you missed out on 1.0, and you have 2.0-3.0.0, just update to 3.0.0 as they already have a full exploit chain for 3.0.0 already, plus public homebrew, so why not.
If you missed out on 3.0.0, update to 4.1.0, for the same reasons as above.
Giving us key firmwares, and telling us to update to the next key firmware if you missed the previous, gets everyone to a few set firmware. This reduces the number of incremental firmware that cfw and underlying exploits must be tailored to.
As to the question of why they don't just release the latest, instead of starting at the oldest. It may be that they just don't want to scrap all of the work that they put into the older firmware. Not to mention they want to keep access to already fleshed out exploits in new updates, meaning they won't burn an exploit just to release it to the public.