It could be restricted so you're only allowed to use it on a device that's under management. The majority are not, so that would protect most of them. Presumably the transactions for remote reset / remote wipe / etc. require a certificate that gets installed when a device is managed, otherwise you have bigger things to worry about.