
CodesInChaos, today at 10:14 AM

Here being careful about revocation means:

Make sure to have an up-to-date backup that's offline, or at least not mounted on the affected computer.

Check for the dead-man switch, and if present, disarm it.

Only then revoke the tokens, instead of immediately revoking the tokens like one would normally do. Nobody is suggesting to keep the compromised tokens active longer than necessary.