Package managers need to cool down (nesbitt.io)
5 points by jamietanna 104 days ago
1 comment

Cooldowns feel like a solid, ecosystem-agnostic way to reduce blast radius from "malicious release goes live and gets auto-pulled everywhere" attacks. They do not prevent compromise, but they buy the one thing defenders usually lack: time for humans and tooling to notice before wide rollout.
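As an added example (not code from the thread or from the linked article), here is a dependency-resolution step that enforces such a cooldown. It assumes npm-style registry metadata (the `time` map of version to publish timestamp) over constructed package data, picks the newest version that has been public for at least the cooldown period, and falls back to the lockfile's pinned version rather than pulling something new when nothing qualifies.

```python
"""Added example: enforce a release cooldown when resolving a dependency.
The metadata below is constructed to mirror the npm registry's ``time`` map
(version -> ISO 8601 publish timestamp); package and versions are made up."""
from datetime import datetime, timedelta

# Constructed metadata for a hypothetical package whose newest release went
# live minutes before this resolution run (the scenario in the comment).
PACKAGE_TIME = {
    "1.4.0": "2024-03-01T10:00:00.000Z",
    "1.4.1": "2024-03-20T09:30:00.000Z",
    "1.5.0": "2024-04-02T08:15:00.000Z",   # brand-new, inside the cooldown
}


def parse_ts(ts: str) -> datetime:
    """Parse the registry's ISO 8601 'Z' timestamp into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def version_key(v: str):
    """Sort key for plain MAJOR.MINOR.PATCH strings (no pre-release tags)."""
    return tuple(int(p) for p in v.split("."))


def resolve_with_cooldown(times, now, cooldown, pinned=None):
    """Return the newest version published at least `cooldown` before `now`.

    Younger versions stay visible in the registry but are skipped, so a freshly
    published (possibly malicious) release cannot be auto-pulled on rollout.
    If no version is old enough, return `pinned` (the lockfile's version)
    instead of installing something new; None when there is no pin either.
    """
    cutoff = now - cooldown
    eligible = [v for v, ts in times.items() if parse_ts(ts) <= cutoff]
    if eligible:
        return max(eligible, key=version_key)
    return pinned


def held_back(times, now, cooldown):
    """Versions currently inside the cooldown window, for logging or alerting."""
    cutoff = now - cooldown
    return sorted((v for v, ts in times.items() if parse_ts(ts) > cutoff),
                  key=version_key)


if __name__ == "__main__":
    now = parse_ts("2024-04-02T08:20:00.000Z")
    print(resolve_with_cooldown(PACKAGE_TIME, now, timedelta(days=7)))  # 1.4.1
    print(held_back(PACKAGE_TIME, now, timedelta(days=7)))              # ['1.5.0']
```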