You're missing the gist of it here. The reality on production server is, most are locked down from egress attacks. This does not stop, minimize, and or deter an attacker from hitting you up with a client side attack on a non-production machine, passing a hash, then to and from trusted sources until it gets out:
Attacker --> client side --> workstation
workstation --> attack --> production server
production server workstation
workstation --> via SSL --> attacker.
This would fill a wiki page so I will stop there. There was a point to be made without me having to spell things out