If changes can't be made manually or accidentally then they are very likely to work!
A locked down and secure computing environment is a often expressed ideal in computing. This isn't an impossible goal, it is simply that maintenance changes are required and often must be carried out with security safeguards off.
Maintenance changes are often complex and, with all the best intentions in the world, are not repeated in live customer facing environments in exactly the same way after testing.
How can we have our proverbial "security cake" and, eat it?
Automation is the key...