(bold not in original)
Please define what you mean by 'upgraded client'.
A client that supports Segwit after the activation occurs. Those clients can download and validate the data.
If such a client is getting a 'capacity boost', the only way this can be accomplished is by that node ignoring signature data. Ignoring signature data in and of itself makes that node dependent upon others to perform validation. Accordingly, such a node cannot operate in a trustless manner. It is insecure.
I never said that old nodes would be secure, did I?