I don't buy this argument. The canonical usecase is to block a program from accessing the internet at all. It blocks updates, sure, but you still end up more secure if there's no network in or out at all. Local applications should be able to deal with running offline.