Correct, you read somewhere and they’ve been saying that for almost 10 years now lol
They can’t “phase the xmlrpc” out unless they have an exit strategy that will prevent the tons of integrations out there from not breaking when they do. It would be company suicide. They would prefer that you use the REST immplementation because it requires oauth and is a more secure method. Although they are also coming out with a access key/token method soon that will simplify things and actually improve some control over the permissions for REST calls.
Still, the xmlrpc isn’t going anywhere anytime soon. They may figure it out sometime down the road but it’s beyond me how they hope to keep everything using it from breaking if they do. It’s been talked about for a very long time now and they’ve also committed to notifying people well in advance (think a year prior to sunsetting) so I don’t think you’ll have anything to really worry about