The Autonomous WLAN feature in 9.7 provides exactly that (ability to provide limited WLAN service in a controller outage) but as you expect - features are limited.
A controller-based WLAN network operates as a distributed processing network - AP's handling what they do best, and controllers coordinating among them.
The reason the AP's "fail closed" instead of "fail open" is due to both technology and policy. The controller has the full state information for the network (like DPSK's in use) - and the APs do not - they have to "ask" the controller what is allowed and what is not. So the options to provide security in such situations are limited. You wouldn't want your carefully protected enterprise network to suddenly switch to open access in such an event.
Note that you can also increase the time before the AP's will re-boot and try to re-connect to the controller. During that time they will preserve existing connections but not allow any new ones. But this also delays the recovery time for transient outages.