Can still have same physical security.
Looks doable to me in principle. Looking at some arbitrary unblock bootloader guide. The procedure:
Steps include, simplified:
- do something on your computer - skipable [1]
- boot in normal mode and enable something (USB debugging and OEM unlock) in android settings (usability still good if this is kept)
- connect USB - skipable [1]
- do something on your computer - skipable [1]
- automatic factory reset (I don’t see need for this except DRM which is a bad reason.)
I don’t see why this procedure couldn’t be simplified in principle.
- boot in normal mode and enable something
- reboot
- bootloader now allows to boot into root mode
It’s an usability enhancement and unrelated to security.
Also for physical security root mode could require (a special) PIN code or whatever. (What’s good enough physical for normal boot is also good enough for root enabled boot.)
[1] This an certainly be skipped, doesn’t provide security (rubber ducky).