This allows that CDN to replace that page if they are malicious with a login form and steal keys. Do you wish to take that risk?

Also, we use HSTS and they would have to have some valid TLS keys, as well, which would let them MITM traffic even when we aren’t down. 

There is a lot of cost/benefit to these sorts of things. We’re just going to focus on not going down in the future.