How It Works: Always On–When Is My Secondary Failover Ready?

I don't understand the "Don't Kill SQL Server" as it appears to me that there is a contradiction in this paragraph: on one hand you say that "SQL Server is design[ed] to handle power outages and tested well [...] Kill is a bit like simulating a power outage" and on the other "it may be possible to introduce unwanted behavior [...] leaving the key corrupted". Did you mean "SQL Server is designed to keep user data consistent i.e. never corrupted even in case kill or power outage but it is not designed to keep AG's state consistent in case of kill or power outage" ? We won't sleep well with awareness that our data is vulnerable (or rather: awareness that power outage may cause sql server to be unavailable and some engineer will have to "carefully drop and recreate the AG" in the middle of the night when our system is expected to be working) . Btw why can't a zillion dollar db engine apply acid to "registry key, blob for the AG"?