by ben509 2609 days ago
I don't think they're saying it's more secure because they didn't tell anyone.

In a prior job, we discovered some automation left ports open that could theoretically be accessed by customers, thus a malicious actor could theoretically have loaded software onto a privileged instance. So we had to treat all devices as potentially compromised. That meant running automation to tear them down and rebuild. This took days.

We were able to do this without visible outage, but the devices affected were mostly doing NAT; if you have a more central component affected, you do need downtime to back it up (that's the read-only section, don't let customers write data that doesn't get backed up) and then rebuild and put it all back together.

Also, it's just easier to get it right with downtime. And they're probably padding these estimates to handle the inevitable things that go wrong during maintenance.
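The situation the comment describes (automation left ports reachable by customers, so every affected device had to be treated as potentially compromised and rebuilt, with stateful central components needing a read-only window first) can be turned into a small audit-and-triage routine. The following is an added example written for this page, not code from the commenter or from any real deployment; the host inventory, the role policy and the `Listener`/`Host` types are constructed assumptions, and a real audit would feed in actual socket listings and firewall state instead.

```python
"""Exposure audit and rebuild planner (added example, not from the HN thread).

Assumptions (all constructed for illustration): each host has a role and a set
of TCP listeners tagged by interface ("mgmt" or "customer"); the policy says
which ports may be reachable on the customer-facing interface per role and
whether the role holds state.  A host with a customer-reachable listener that
policy does not allow is treated as potentially compromised and queued for
rebuild.  Stateful roles go in the "downtime" bucket (read-only window plus
backup before rebuild); stateless roles can be rebuilt rolling.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Listener:
    interface: str  # "mgmt" (operator-only) or "customer" (customer-reachable)
    port: int


@dataclass(frozen=True)
class Host:
    name: str
    role: str
    listeners: tuple  # tuple of Listener


# Constructed policy: allowed customer-facing ports per role and stateful flag.
POLICY = {
    "nat": {"allowed_customer_ports": frozenset(), "stateful": False},
    "web": {"allowed_customer_ports": frozenset({443}), "stateful": False},
    "db": {"allowed_customer_ports": frozenset(), "stateful": True},
}

# Constructed inventory: nat1 and db1 carry listeners that policy forbids.
SAMPLE_HOSTS = (
    Host("nat1", "nat", (Listener("mgmt", 22), Listener("customer", 22))),
    Host("nat2", "nat", (Listener("mgmt", 22),)),
    Host("web1", "web", (Listener("mgmt", 22), Listener("customer", 443))),
    Host("db1", "db", (Listener("mgmt", 22), Listener("customer", 5432))),
)


def find_exposed(hosts, policy=POLICY):
    """Return (host_name, port) pairs reachable by customers but not allowed.

    Unknown roles raise rather than being silently skipped, so a host that
    automation forgot to classify cannot pass the audit by accident.
    """
    findings = []
    for host in hosts:
        if host.role not in policy:
            raise ValueError(f"host {host.name} has unclassified role {host.role!r}")
        allowed = policy[host.role]["allowed_customer_ports"]
        for lst in host.listeners:
            if lst.interface == "customer" and lst.port not in allowed:
                findings.append((host.name, lst.port))
    return findings


def plan_rebuild(hosts, findings, policy=POLICY):
    """Split affected hosts into rolling rebuilds and downtime rebuilds.

    Every host with at least one finding is rebuilt; stateful roles need a
    read-only window and a backup first, so they land in "downtime".
    """
    affected = {name for name, _ in findings}
    plan = {"rolling": [], "downtime": []}
    for host in hosts:
        if host.name not in affected:
            continue
        bucket = "downtime" if policy[host.role]["stateful"] else "rolling"
        plan[bucket].append(host.name)
    return plan


if __name__ == "__main__":
    found = find_exposed(SAMPLE_HOSTS)
    for name, port in found:
        print(f"EXPOSED {name}: customer-reachable port {port} not in policy")
    print("rebuild plan:", plan_rebuild(SAMPLE_HOSTS, found))
```

On the constructed inventory the audit flags `nat1` (port 22 on the customer interface) and `db1` (port 5432), and the planner puts `nat1` in the rolling bucket and `db1` in the downtime bucket, which matches the distinction the comment draws between NAT boxes that could be rebuilt without visible outage and a central stateful component that needs a read-only window and backup first.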