if you locked your device there's no way for an attacker to bypass that security in uBoot, except of unlocking the device again which means disassemble and solder
The less concerned user would keep the battery lid hallswitch connected to SYS_BOOT[5] to allow forcing of e.g. USB (xloader) boot in case some mishap messed up e.g. uBoot.