certbot is available in the stretch release also. It's just a newer version is available in backports.
I believe the certbot website recommends the backports version because it works much better in light of the recent TLS-SNI vulnerability. Older versions require some extra flags to work properly in many cases.
Backports includes only packages considered stable enough for the next Debian release. It shouldn't contain development releases of any software.
Updates from the backports policy only violate the Debian stability promise of not changing certain things within releases; they are not "unstable" in the broken or crashing sense.