Comment by gmuslera

The contract is still there, the humans taking decisions at some layer are still there. Decisions were made, risks were dismissed, and that won't protect production data if some of those risks happen. A database won't survive a manager that starts hitting it with an actual hammer neither, or an agent with enough privileges decide to delete or corrupt all the data. And adding a mitigation like i.e. soft deletes is another way of dismissing the risks.