Why do we use facilities with EPO's?

There are a very few exceptions, but for our practical
purposes, people really ought to simply go to multiple
site redundancy rather than thinking about bending
major safety assumptions in how we operate individual
buildings. You may have a few less outages, but you
may also kill someone.

What the Navy does on ships, for critical ship safety
and combat systems; what the FAA does for their radar
facilities and air traffic control facilities; what Telcos
do, these are different operating regimes, and there are
associated higher risk acceptance with the different equipment
setups and safety procedures.

Indeed. The Navy uses a 'battleshort' at times. This is the
ultimate penny in the fusebox; a shunt around the breakers
on critical systems... such as main gun turret hydraulics &
firing controls.

They are there because the analysis was it better to have some
things catch fire than to be impotent when the Bismark or the
Graf Spay is shooting at you.

[NASA used a similar battleshort at Houston MSC during the final
seconds of the A-11 descent, and other short critical periods.]

In both cases, HIGHLY trained people with LOTS of resources were
on the job. Plus, at least in the Navy case, casualties were an
accepted risk; even if you kill folks in one turret, if you get
a hit that saves your ship.....

Needless to say, your insurance company is not likely take
that view, no matter how many pron feeds SLA's your EPO will
break. Nor will the local prosecutor trying a manslaughter case
when a fire-fighter dies.