In general I agree, but specifically for this: It does mean you don't have to do it _for this particular feature_. If we can "reduce hard" then that's a good thing. It's one less configuration to manage.
But if you have to do it sometimes, and you're proactive about process and automation, not only is this good practice for quickly patching security vulnerabilities, it will help you solidify your configuration management processes and automation, because at the end of the day, you're going to have to do it.
The suggestion that you don't have to do it for this particular feature is kicking the can down the road.
The suggestion that you don't have to do it for this particular feature is kicking the can down the road.