The significance of the advisory isn't that the initial firmware can be replaced. As indicated, that's a standard feature not only with Cisco gear but just about any computing device.
This is what should change. Firmware being read-write without some significant intervention is a huge factor in the current generation of vulnerabilities. Why is ROMMON write-enabled without moving a jumper or flipping a physical switch on the chassis?
Why can we update firmware on our PCs without needing to reboot into some special mode first? That stuff should be read-only (preferably with a hardware latch on the write-enable pin that's only cleared by a processor reset) as early as possible in the boot sequence.
The general case is that we do not update firmware while running the device. Even if you did that thirty times in the lifetime of the computer, they'd still be relatively exceptional cases. Why is the default behavior to trust that the OS will be bug-free enough to protect something so critical?
Or maybe I'm just getting old. Break out the UV EPROM-eraser and get off my lawn!