intelligence if somebody is able to compromise the device to the extent where they can take advantage of the unlocked bootloader, they will be able to install their own avb key or some other trickery as well. In my opinion, trusting a locked bootloader to provide you with ANY additional security is giving you a FALSE sense of security.
My understanding of a locked bootloader is that it would actually prevent the loading new signing keys. Or, that it would at least detect the tampering at reboot. So, in this case, the locked bootloader would provide additional security over an unlocked bootloader.
Do you have any reference material on any existing proofs of concepts or exploits that installed their own key and signed images that bypassed a locked bootloader?