Yeah, this is real. The module-level initialization trick is solid, but watch your security surface. I've seen teams load database credentials, API keys, all of it at init time and suddenly you've got secrets sitting in memory across invocations.
Use something like AWS Secrets Manager with caching, not hardcoded env vars. Also, if you're doing gRPC stubs at init, make sure connection pooling doesn't leak across requests in unexpected ways. That's where bugs hide.
Provisioned concurrency is expensive but sometimes cheaper than the operational debt of customer complaints. Worth doing the math on your actual traffic patterns.