Not trying to criticize, but you kinda make it sound like the screw is there to scare people who don't know what they're doing. That is not really the purpose. The real purpose is to increase the time it takes to unlock the boot process. The idea is that if an attacker gets physical access to your machine while you step away from it to get a cup of coffee, he or she won't be able to compromise it in the five minutes it takes for you to come back. For ideal security, you wouldn't be able to unlock the boot process at all. However, Google sees "hackability" as a selling point, and they want people to know they can hack the boot process and install something else on the machine (hacker as in computing enthusiast, not hacker as in security penetrator). That's why they've come up with this security screw compromise.
Originally Posted by pgeorgi
True, they have their "5 minutes unsupervised" rule.
Originally Posted by Serge
But it really goes hand in hand: The only way to reliably protect flash from being written is in hardware (no matter if the fault vector is persistent malware, a local attacker or local user stupidity). The only comfortable way to do so (that preserves freedom) is to use a jumper. And there we are...