There are no plans to retire the capability. The resource owner password grant type is disabled by default when you create a new application, but we still provide the capability to turn it on if you need it/want it.
The /oauth/ro was deprecated because it deviated from the OAuth2 standard and it had other problems, and the proper replacement for its regular purpose is the /oauth/token endpoint with the ROPG flow.