If they already own your DC you're screwed anyway.
I think the point is that no vulnerability should be "excused away". Flaws -- regardless of where and what they are -- should get identified, analyzed, and fixed.
I'm sure you're not actually saying that there's no value to fixing the vuln, right?