Sometimes, it is too easy to modify dangerous settings by accident. I heard of numerous issues where oC admins broke their instance by unintentionally clicking in the LDAP settings.
I also think we should have 'OK' or 'Apply' buttons. The current behaviour is more messy to implement for developers and as you said potentially dangerous. Also you might have been kicked out of your internet connection and then don't know if you did a setting
Also an issue with the external storage configuration, especially that it saves and creates storage entries before you finished typing if you happen to take a break while typing in a path...
I may be oldfashioned, but I expect an explicit OK or APPLY button, and maybe a 'You have unsaved changes' warning, when leaving without APPLY. These are admin settings. They do not need to follow any modern 'click in empty space to save' ideas, IMHO.
The issue goes throughout however, there are also settings a user has to do, like passwords. Of course then there are things like the sharing action where I would not want to press apply. Or when a user is added to a group. IMHO we need consistency throughout and logic when which behaviour exists and why.
We could go ever further and implement different stages of severity where confirming changes will require more action on the changers side.
Low level of confirmation
A simple Save (changes) button accepts changes. e.g. Change "Full Name" in personal settings
= 1 click
Medium level of confirmation
Clicking the Save (changes) button triggers a confirmation window/overlay with an yes or no option.
= 2 clicks
High level of confirmation
Clicking the Save (changes) button triggers a confirmation window/overlay, reminding you of the consequences of your action and requiring you to input a word (lets say confirm) into a field and clicking yes again.
= 2 clicks + 1 txt input
These the leves can be used all around OC and even extended if needed. A simple DATA Tag added to the save button could do the trick. (e.g. data-conf-level="1") and would require no further implementation on the dev. side.