> but the risk is total catastrophic destruction of the environment for (tens of) thousands of years.
This is ranging on hyperbole. Even in the case of a meltdown the result wouldn't be another Chernobyl. The latter was an unshielded reactor. Literally the Soviets didn't bother putting a concrete condom on their reactors, because that would be too expensive. We've already experienced meltdowns in properly built reactors: https://en.wikipedia.org/wiki/Three_Mile_Island_accident
Like Chernobyl, AGR reactors do not have secondary containment: the idea was that as they are gas cooled (no water to phase change) and have enormous cores (so much more time to deal with heat build up), they are safe enough to not need it.
This isn't a separate containment structure surrounding the reactor, but part of the reactor itself. From your own link, page 42, section 5.8 Containment systems:
> Thus, there seems to be a barrier less in AGR compared with LWR reactors. In AGR's the pressure vessel and containment is one unit, but the vessel contains the total primary circuit. The main reason for this difference is the single phase CO2 coolant used in AGR compared with the H2O coolant in LWR. CO2 cannot undergo suddenly phase change as a result of an unexpected rise in temperature or pressure, i.e. it cannot flash as water. It means that there can be no sudden discontinuity of cooling under fault conditions, and changes in flows, temperatures and pressures progress rather slow.
The Three Mile Island accident mostly teaches us that we got lucky. Here's a quote from that Wikipedia article:
> On the third day following the accident, a hydrogen bubble was discovered in the dome of the pressure vessel, and became the focus of concern. A hydrogen explosion might not only breach the pressure vessel, but, depending on its magnitude, might compromise the integrity of the containment vessel leading to large-scale release of radioactive material.

> The Three Mile Island accident mostly teaches us that we got lucky.
Why is it considered luck? For it to be luck wouldn't we have to show that there was some way in which the explosion breaching the containment was possible and should've occurred, but due to chance didn't? (Seems like it could've been modeled but I couldn't find anything on that.)
> From 30 March through 1 April operators removed this hydrogen gas "bubble" by periodically opening the vent valve on the reactor cooling system pressuriser. For a time, regulatory (NRC) officials believed the hydrogen bubble could explode, though such an explosion was never possible since there was not enough oxygen in the system. [1]
> Our main conclusions were the following: (1) Most of the initial hydrogen in the bubble was produced by the reaction of the Zircalloy cladding with the super-heated water. (2) During the first 16 hr after shutdown, when boiling of the primary coolant water took place, in the worst case stoichiometric amounts of hydrogen and oxygen could have been produced by radiolysis, leading to a maximum amount of oxygen in the bubble, of 0.7% of the hydrogen, which is well below the explosion limit. (3) After this 16 hr period, when boiling had totally ceased, no further oxygen could have been produced by radiolysis of the primary cooling water. On the contrary, oxygen was recombined with hydrogen due to radiolysis at such a rate that the oxygen in the water was completely removed in less than five minutes. The subsequent rate of removal of oxygen from the bubble by dissolution and radiolysis depended essentially on the rate of dissolution. [2]
Sure, secondary containment might fail. But it buys a second chance and requires penetration of meters thick reinforced concrete on top of a failure of the pressure vessel. With such secondary containment it's likely that Chernobyl would have only resulted in the deaths of operators working near the reactor and water supply, and drastically less contamination of the surrounding areas.