I realized I've been running a whole bunch of my own smaller projects that way for several years now and I absolutely love it, and now default to it for everything I build
For high stakes systems an alternative I've used that gives much of the benefits while avoiding any risk is Continous Deployment to a staging environment - that way every change is instantly available for manual testing but there's still a deliberate "go live" moment with an extra human in the loop
@simon Yeah for my work I'd wish we had CD at least into a QA. And one button push each for pilot/live. With very small increments and a fix forward approach by default (but rollback on button push available in rarer cases - though that might just be a git revert usually)