Ok, you might be right in that, but not all threats need to come from within of the Arduino. Let's imagine the inconceivable, an external damage (a mouse bites the supply cord, a water leakage gets through or, why no, there's a flaw in one of the components of the board, etc.)
The thing is, the cost of the board is negligible compared to the cost of the whole electrical installation, so if there's a way of doing something easy putting two boards, one as hot and the other as backup, why not do it. I have done some research and I know now more than I did yesterday. The option of having a set of three state buffers controlled by an external switch that changes from one Arduino to the other (even switching power supply too) is so far the one that fits best.