The security risk isn’t just that Sprout would be compromised and allow inflation. That’s actually the least concerning risk, IMO, because of the turnstile.
The real risk is how Sprout interacts with the rest of the protocol. It’s a portion of the transaction structure, its value flows in and out of other value pools, nodes must track and maintain the nullifier set and commitment tree, signatures must be checked over hashes of portions of the transaction and these change as the transaction format changes, Sprout uses ed25519 for this so we have to keep ed25519 support forever, similarly we’d need a Sprout proof verifier code written in potentially antiquated libraries and curve implementations, … I could probably think of a few other things.
Generally, the less stuff happening in the protocol, the simpler it is to maintain and improve with minimal security risk going forward. (Similarly, I anticipate Sapling will be in the same position as Sprout someday.)