Apple must help Feds unlock San Bernardino killer's iPhone – judge

Anonymous Coward

This implies it is possible to reflash the phone without unlocking it first.

Presumably this means you just power-cycle, enter the boot loader, and the boot loader will happily reflash firmware without any confirmation that you are the owner of the phone.

I can understand why this is done - the main firmware may be non-functional and you need a reflash to fix it.

However the fact that the boot loader is unaware of the locking/unlocking mechanism sounds like a weakness to me. The only protection you have is that the boot loader will only flash signed firmware. But what if you took someone's phone, and loaded an old version of firmware with known vulnerabilities?
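The downgrade concern raised in the comment is easiest to see against a toy boot loader. The following is an added example, not code from the article or the commenter: it builds small "signed" firmware images and shows that a loader which checks only the signature accepts a validly signed old image, while one that also enforces a monotonic minimum-version counter rejects it. The image layout, the `FW01` magic, the HMAC-SHA256 tag standing in for a public-key signature, and the stored counter are all assumptions made for this example.

```python
"""Toy boot-loader image check: signature alone versus signature plus anti-rollback.

Added illustration only. The "signature" is an HMAC-SHA256 tag over header+payload,
standing in for the public-key signature a real boot ROM would verify; the image
format and the minimum-version counter are assumptions for this example.
"""
import hashlib
import hmac
import struct

MAGIC = b"FW01"
HDR = struct.Struct(">4sII")  # magic, version, payload length (big-endian)
TAG_LEN = 32

# Constructed signing key for the example; a real device holds only the public half.
SIGNING_KEY = b"example-firmware-signing-key"


def build_image(version: int, payload: bytes, key: bytes = SIGNING_KEY) -> bytes:
    """Produce a 'signed' image laid out as header || payload || tag."""
    body = HDR.pack(MAGIC, version, len(payload)) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_signature(image: bytes, key: bytes = SIGNING_KEY):
    """Return (version, payload) when the tag and header are valid, else None."""
    if len(image) < HDR.size + TAG_LEN:
        return None
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    magic, version, plen = HDR.unpack_from(body)
    if magic != MAGIC or plen != len(body) - HDR.size:
        return None
    return version, body[HDR.size:]


class BootLoader:
    """Minimal flash gate. enforce_anti_rollback=False models a loader that
    only checks the signature, which is the weakness the comment describes."""

    def __init__(self, min_version: int, enforce_anti_rollback: bool = True):
        # Monotonic counter; in hardware this would live in fuses or a
        # replay-protected storage block, not in rewritable flash.
        self.min_version = min_version
        self.enforce_anti_rollback = enforce_anti_rollback

    def flash(self, image: bytes) -> str:
        result = verify_signature(image)
        if result is None:
            return "rejected: bad signature"
        version, _payload = result
        if self.enforce_anti_rollback and version < self.min_version:
            return f"rejected: rollback (v{version} < v{self.min_version})"
        # Only ratchet the counter upward; never let a flash lower it.
        self.min_version = max(self.min_version, version)
        return f"flashed v{version}"


def demo():
    """Run the four cases a practitioner would want to see."""
    old = build_image(2, b"old firmware with a known bug")   # constructed sample
    new = build_image(4, b"current firmware")                # constructed sample
    tampered = bytearray(new)
    tampered[HDR.size] ^= 0x01                               # flip one payload bit
    forged = HDR.pack(MAGIC, 9, 3) + b"bad" + bytes(TAG_LEN)  # no valid tag
    return {
        "sig_only_old": BootLoader(3, enforce_anti_rollback=False).flash(old),
        "rollback_old": BootLoader(3).flash(old),
        "rollback_new": BootLoader(3).flash(new),
        "tampered": BootLoader(3).flash(bytes(tampered)),
        "forged": BootLoader(3).flash(forged),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:13s} {outcome}")
```

The signature check alone answers "is this image from the vendor?" but not "is this image still allowed on this device?"; the second question needs state the loader trusts and that an attacker with the handset cannot lower. Note the counter cannot help against an old image that was released before the counter was ever bumped.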
