You forgot "take on becoming the SELinux integration manager for that project with every single update". I've done that several times now.
In commercial service production, wasted time also costs money.
I think it is easier/cheaper to use hardware firewalls and IDP systems to protect servers than to fight with SELinux on each server.
SELinux tuning might work at companies with unlimited resources like the NSA... or if you run a server at home with unlimited free time to tune it up.
-- Eero