If there is a reason why some Android manufacturers choose to lock the bootloaders on their devices, it is to prevent outside code from being flashed onto the handset, which in theory should keep the device secure. Unfortunately, a gate is only as secure as its lock, and in the case of the OnePlus 6 the lock turned out not to be secure.
The vulnerability was discovered by XDA member zx2c4 (via Android Police), who is security researcher Jason Donenfeld, president of Edge Security. It seems that the bootloader has a flaw that allows anyone to load code onto the device, even if the bootloader is locked. This vulnerability has since been confirmed by the folks at Android Police.
The semi-good news is that this vulnerability would require the attacker to have full physical access to your device, which means that as long as your phone is with you at all times, you should in theory be safe from this particular threat. However, since no one wants to baby their phone all the time, a fix is ultimately the best way to address this, and OnePlus has promised one.
In a statement made to Android Police, the company has promised that a fix is on its way. “We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.”