first of all, I understand your point of view..
but think about a patch to glibc or openssl which closes a dangerous bug.. I'd be suggested to reboot my server, shouldn't I?
BTW, a unskilled user could update his server but keep it online with broken services and security flaws
in any case, in 15 years of centos derived distros I found myself with a broken server only 3 times, and the fault was always mine
(and I'd add that I never use the web UI to update my machines; I always use che CLI commands, 'cause I can read which packages will be updated, from which repo and so on)