Case in point: there's an active Mastodon security exploit. Getting the fix rolled out everywhere (including heavily customized servers) is very difficult. And if someone does get remote code execution on all instances, the attacker can do *permanent* graph damage that backup restorations won't fix