While it may be a good idea to get rid of the multimedia repository, that is not what providing these security updates is about...
since our case is related with libavcodec-xx package we need to decide whether if we'll continue using deb-multimedia or not. we can't use debian's patch until we get rid all deb-multimedia packages. our option is:
1. continue using deb-multimedia.
(+) less work to do
(-) we can't apply debian's patch related to libav/ffmpeg to our system. we're forced to skip this libav patch.
(-) we need to rely on deb-multimedia patch for our system's security
2. stop using deb-multimedia.
(+) we can apply all debian's patch.
(-) we lose ffmpeg and some propietary dvd codecs
(-) more work to do. we need to replace libavcodec-xx with libavcodec-extra-xx and install libav-tools to get the missing codecs.
Is it safe to conclude (to keep things simple), that as long as we depend on deb-multimedia, the deb-multimedia overrule any Debian updates, and that it is therefor unnecessary to update those Debian packages?
AFAIK it only overrule the patch related with multimedia stuffs, especially on the codecs. if we trust deb-multimedia maintainer and he also apply the security patch into his packages then I see nothing wrong to keep deb-multimedia on our system.