> outside of markets where there's a lot of compliance requirements

That includes anyone who wants to sell to the US government (and probably other governments as well).

FedRAMP easentially[1] requires using "hardened" images.

[1]: It isn't strictly required, but without out things like passing security scans and FIPS compliance are more difficult.