I understand that the Titan M2 is the hardware root of trust and it detects when other components are modified.
No, that's incorrect. Firmware on the SoC is verified from the SoC root of trust.
But once the device is unlocked, what would stop somebody from replacing the firmware of the Titan M2 itself with a poisoned version that let them do anything they want, assuming they have full physical control and access to the device? Would it be resistant to this in any way?
Unlocking does not enable loading arbitrary firmware. Unlocking enables flashing firmware images which are verified from the hardware root of trust. A user-configured root of trust is supported for the OS and stored in the Titan M2. The verification is done by the last stage of the SoC boot chain before the OS, not the Titan M2. In this area, it's only responsible for storing lock state, verified boot state (rollback indexes, user-configured root of trust) and performing attestation.
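
The division of responsibilities described in the reply above, as an added simplified model (not part of the original thread, and not Pixel or Titan M2 code): a storage-only element holds the user-configured root of trust and the rollback index, while the final boot stage performs the checks. HMAC stands in for the asymmetric signature a real bootloader verifies, lock state is not modeled, and all names, keys and images are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class ElementState:
    """Storage only, as in the reply: no image verification happens here."""
    user_root_digest: bytes   # digest of the user-configured root of trust
    rollback_index: int       # lowest OS rollback index still accepted

@dataclass
class OsImage:
    payload: bytes
    rollback_index: int
    key: bytes                # assumption: stand-in for the public key in image metadata
    signature: bytes

def _message(payload: bytes, rollback_index: int) -> bytes:
    # The rollback index is covered by the signature so it cannot be edited alone.
    return rollback_index.to_bytes(8, "big") + payload

def build_image(payload: bytes, rollback_index: int, key: bytes) -> OsImage:
    sig = hmac.new(key, _message(payload, rollback_index), hashlib.sha256).digest()
    return OsImage(payload, rollback_index, key, sig)

def bootloader_verify(image: OsImage, state: ElementState) -> str:
    """Last boot stage before the OS: performs the checks against stored state."""
    msg = _message(image.payload, image.rollback_index)
    expected = hmac.new(image.key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, image.signature):
        return "reject: bad signature"
    if not hmac.compare_digest(hashlib.sha256(image.key).digest(), state.user_root_digest):
        return "reject: untrusted key"
    if image.rollback_index < state.rollback_index:
        return "reject: rollback"
    state.rollback_index = image.rollback_index  # advance the stored index
    return "boot"

def demo():
    owner_key, other_key = b"constructed-owner-key", b"constructed-other-key"
    state = ElementState(hashlib.sha256(owner_key).digest(), rollback_index=5)
    results = [
        bootloader_verify(build_image(b"os-v6", 6, owner_key), state),  # newer, trusted
        bootloader_verify(build_image(b"os-v4", 4, owner_key), state),  # older image
        bootloader_verify(build_image(b"os-v9", 9, other_key), state),  # foreign key
    ]
    tampered = build_image(b"os-v7", 7, owner_key)
    tampered.payload = b"os-v7-modified"                                # edited after signing
    results.append(bootloader_verify(tampered, state))
    return results, state.rollback_index

if __name__ == "__main__":
    print(demo())
```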