First, until you reboot your servers, they are not really patched. Second, you are happy about unattended core system upgrades to production machines? I don't think this is the right feeling to have :)

As a general rule, I would agree with you (with regard to point two). However, you don't know the details of INTPenis' infrastructure so you can't know. Perhaps automated / unattended upgrades / reboots would totally hose your environment but that's not the case in every instance.

Depends on the environment, but I can safely say that I allow security updates without reboot in most production environments and have yet to run into problems.

Rough estimate I'd say it's 50/50 whether I patch manually or allow unattended patches.