I preface by saying that I am not a jet pilot at all, though I have lots of twin-propeller time. I have flown the DA-42, where an engine failure is a no-pilot-action event, other than securing it when time permits - big-jet-like in procedures.
In a twin prop, getting the failed one feathered promptly is pretty important. I understand that in a jet, less so. Wait it out steady up to altitude X, then start securing things. So, I ask myself, and considering the immensely low risk of a malicious shutdown, what if software delayed any action to shut down a second engine by umpteen seconds? Sure, pilot action for a first engine event. But is there any need for instant action behind that for a second engine shutdown? Engine fire aside, whatever could possibly cause a pilot to decide to shut down the second engine could probably wait 30 seconds before the shutdown command was actioned by the airplane. So a message: "You have commanded the shutdown of the second engine. This shutdown will occur in thirty seconds unless you XXX". If nothing else, it would give a very surprised second pilot time to do something to prevent the shutdown, rather than dealing with it after the shutdown had commenced.
I'm thinking about this from a certification perspective, as we have already been having discussions on this theme...