Let me paint you a picture of stupidity in action. You can stop reading if you've never been in a similar situation.
Say you're working on fixing accessibility on the site.
You already knocked out a bunch of issues and are excited to ship. Then management calls a meeting. "We need to talk." That's rarely a good sign.
"Security says we can't ship the accessibility fixes just yet."
You nearly choke on your coffee. "They're blocking accessibility improvements for a security audit?"
Apparently making the site usable with a keyboard poses some existential threat to the integrity of the system. You can't add alt text to images or ARIA labels to buttons because it might interfere with penetration testing. Everything has to remain baseline stable during the audit window.
Proper alt text, keyboard navigation colour contrast. This is real stuff that real people need. It's done, tested, ready to ship.
But oh no, it can't go live because security is conducting their annual audit and has put a blanket freeze on all front-end changes. Your accessibility improvements are held hostage while someone checks if your web server software is up to date and your password requirements are strong enough.
You've got people who literally cannot use your site.
Some weeks later and those accessibility fixes are still sitting in a branch while users with disabilities struggle. But hey, at least the password meets the requirements of minimum 12 characters, two numbers, one special symbol, no dictionary words and must be changed every 30 days, right?
Brilliant work.
Since you've read so far, I bet you've lived through something eerily similar to this, haven't you?