Re: "maintain physical possession of their platform"
Not entirely. A couple of good examples where the person in control of a machine may never once in their entire life have physical access to the server:
- Dedicated Servers
- VPS
- Cloud
Then there's the "it's our hardware, but we can't control who has physical access":
- Co-location DCs
This pretty much sums up the bulk of websites on the internet these days.
Sadly, I'm also guilty of just renting dedi's instead of trying to run them from the office or home due to the UK's internet speeds (and if you want leased lines, which can be good enough, the price) and hardware costs. And in most cases a DC can offer better physical security than your house.