In this application, even though I do use latching relays myself to save on system power, I think that they should have used normal relays, which disconnect on loss of power. The system did use a switching supply instead of a capacitor dropper, so there should have been a way to keep the thermals of powering normal relays of that size under control in the sealed device.
I guess the other argument that can be made is that if an MCU IO gets fried on or is turned on by corrupted code, a connected relay would still immediately be turned on after connecting power. Without the schematic, we cannot tell if there are any protections at the low-level transistor relay driver level to prevent this, which may actually be a plus if done right, regardless of the MCU's state.