You can't guarantee that code path never gets executed. For a good historical example, Windows NT4 also came with inbuilt OS/2 and POSIX subsystems that were never used by users, but typically used by people on the internet to crack boxes.
While I haven't look at the OS/2 support of OpensSSL specifically, surely it is not a question about code that it never executed, but code that is never built on a modern system. That makes it more a question about code maintainability and code readability, rather than security problems with seldom executed code.
Much of the code you don't think was ever built on a modern system was being built. Either because they enabled the workaround everywhere on purpose, or because the preprocessor test was borked and the modern code never enabled.
That's likely true in the case of OS/2, DGUX workarounds might be ran on Unix boxes.
It's all dead code that any of us here would remove from our own software projects - and your point about the OpenSSL team's lack of resources is quite relevant to that.
