You can call me Dwayne, I don't get offended by anything, all good ;-). The Rock is the best!
Anyway, you made all the valid points. I will give you an example of what I did for a customer last year... they came from the Cisco world and they did not feel comfortable having a 2nd ordered URL layer with any any allow, so we created a few rules towards the top of the rule base with access roles (since we have IA enabled) and HTTPS inspection, and the customer loves it, as people get a block page presented and it works really well, and they are very content having one ordered layer with a few inline layers to reflect different interfaces/zones.
But again, my PERSONAL preference is different ordered layers, for the reasons I mentioned in my last response. But, as you know, everyone is different... some people like Ferrari, some Mercedes, it's all good 🙂
Andy