The secure configuration means when Duo is down, you can't login, unless you have some out of band login method that's not protected by Duo. That is a pretty big commitment to Duo's uptime, and it makes sense that it's not the default.