We want to run the updating and installing code outside of the DRUPAL_BOOTSTRAP_FULL environment so that if a broken contrib module is added during an update, it doesn't make the site un-usable to complete the update.
Also, by putting the interface asking for the FileTransfer password outside of Drupal we mitigate some risk of XSS attacks.
Passed: 13838 passes, 0 fails, 0 exceptions View
Passed: 13824 passes, 0 fails, 0 exceptions View
Passed: 13961 passes, 0 fails, 0 exceptions View