Not really unfeasible
Military uses user based certs. This means that every time a user throughout the entire DoD organization is fired/quits/change jobs/changes names/etc. They have their certificate revoked. This means they are probably revoking hundreds of certificates per day. Generally, you need to update your CRLs about once a week at a minimum, though they prefer that applications use OCSP, where a query is sent in real time to the CA to see if the cert has been revoked for this reason. So, flashing isn't a very reasonable thing to do once a week or more, especially when the product takes an hour to flash.
"And remember: Evil will always prevail, because Good is dumb." -- Spaceballs