@hp @thomasfuchs I've worked at several places that did that. And, dealt with the resulting fallout.
There's also the nuke and replace method that never goes horribly wrong.
Also had to deal with the git/svn directory deployment method. Because, of course, there's nothing on those hidden .git or .subversion directories that is at all sensitive.