You are right, I misunderstood how that works. I had hoped that the back-up is always running in some kind of disabled mode - it does not process flows and/or handle messages, but it does periodically (per waitInterval) query the database to figure out if the active lease has expired to determine if it is its own turn to become the primary. That is, I had thought the back-up is a warm standby which can automatically become active shortly after the primary becomes inactive.
After briefly testing the primary and back-up nodes with additionalP2PAddresses and mutualExclusionConfiguration, I have realized that is not the case. What actually happens is that, it seems to me, when the back-up tries to start, it first queries the db for the current lease timestamp, then it waits for a period as determined by waitInterval to query the db again to see if the timestamp has changed. If yes, the back-up will shut itself down (become cold). If no, then the back-up will start to take over as the new primary. Not sure about the exact algorithm implemented but seems to be something like that. Of course, to make it work, as documented, the primary updateInterval must be smaller than the back-up waitInterval.
Please let me know if my new understanding is still off.
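
A small model of the start-up check as the post above describes it, added here as an example; it is not part of the original post and not the product's implementation. The function names, the simulated clock and the millisecond values are assumptions chosen for illustration. It shows why updateInterval has to be smaller than waitInterval: otherwise a healthy primary can look dead to a starting back-up, and two nodes end up active.

```python
from bisect import bisect_right


def primary_updates(update_interval, alive_until):
    """Times (ms, simulated clock) at which a running primary rewrites the lease."""
    return list(range(0, alive_until, update_interval))


def lease_timestamp(updates, now):
    """Lease timestamp a reader sees in the shared database at time `now`."""
    i = bisect_right(updates, now)
    return updates[i - 1] if i else None


def backup_start_decision(updates, start_at, wait_interval):
    """Read the lease, wait wait_interval, read again, then decide."""
    first = lease_timestamp(updates, start_at)
    second = lease_timestamp(updates, start_at + wait_interval)
    # A changed timestamp means some primary is still renewing the lease.
    return "shutdown" if second != first else "takeover"


def live_primary_always_detected(update_interval, wait_interval, step=1000):
    """Sweep back-up start times across one update period of a healthy primary.

    Returns False if any start time lets the back-up take over while the
    primary is still alive (two active nodes).
    """
    horizon = 10 * (update_interval + wait_interval)
    updates = primary_updates(update_interval, horizon)
    return all(
        backup_start_decision(updates, s, wait_interval) == "shutdown"
        for s in range(0, update_interval, step)
    )


if __name__ == "__main__":
    # Constructed scenarios, all values in milliseconds.
    healthy = primary_updates(20_000, 1_000_000)
    print("healthy primary :", backup_start_decision(healthy, 10_000, 40_000))
    dead = primary_updates(20_000, 50_000)  # last renewal at t=40000
    print("dead primary    :", backup_start_decision(dead, 60_000, 40_000))
    print("20s/40s safe    :", live_primary_always_detected(20_000, 40_000))
    print("60s/40s safe    :", live_primary_always_detected(60_000, 40_000))
```

In this model the back-up makes its decision once, at start-up, which matches the cold-standby behaviour observed in the post; something external has to restart it for it to check again.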