Conceivably, this could be combined with an invoice replay attack in niche situations where the invoice is being presented by a 3rd party, but either the destination is validated, or the skimmer wants to be discrete.

If you're using an LNURL bridge for example, this would be reason to have a short TTL on your invoices.