If a Field API field attached to an entity is locked a privileged user can still change the cardinality, which can really mess up the website. In the case of a taxonomy term reference, the vocabulary can be changed too and in cases of other field types I, bet there are other settings that can be altered.
I think that once a field is locked, under no circumstances should it be "editable" by any means but programmatically.
This behavior us crucial for distributions and/or installation profiles and advanced modules.
Steps to reproduce:
1) standard profile Article node type has Tags
2) change field config drush @d8 cedit field.storage.node.field_tags to locked: true
3) at admin/structure/types/manage/article/fields click "Term Reference" link
4) You can change cardinality and vocabulary