The reason for this logic is so that you can ^C twice to get out if a daemon is hung and you're running it in the foreground. This avoids the need to bring up a second terminal, figure out the PID of the daemon running in the first terminal, kill it, hope you got the PID right, etc., or abandon the first terminal entirely.

You could use ^\ / SIGQUIT to force the non-graceful exit when the daemon's in the foreground and keep ^C as graceful only.

There's no way an over-overseer can know when the previous reload is finished; all it can do is call bin/phd stop --graceful 999999 in the background and leave it to run. In addition, a previous reload can take several hours to run; if you need to deploy out another set of code before the reload is finished, you have no safe way of doing so until the first one is entirely complete.

You can't even shutdown the machine safely because once you issue the first graceful shutdown, there's no way to know if all the old daemon processes have gracefully exited (unless you want to wait 999999 seconds).

There's no way an over-overseer can know when the previous reload is finished

It can look for the overseer PID. Once it exits, the shutdown finished.

there's no way to know if all the old daemon processes have gracefully exited

If all the overseers have exited, all the daemons have exited. If not, they haven't.

Okay, but you still have no way of safely issuing another bin/phd stop without it stopping both overseers?

You have to bin/phd stop <only the second overseer PID>.