Would the following help clarify the locking scheme to those wondering?
Locking uses a very clever bit of mathematics called public key cryptography. The core of this is that you have a pair of keys, so that what one can encrypt, the other can decrypt, and vice versa. You cannot, however, derive or guess any better the other key, even when you have the other one of the pair. (This is why it is called "public key": you keep one secret, and publish/give out the other, so that anyone can encrypt data and send it to you without anyone else being able to decrypt it (because only you have the secret key); and whatever you encrypt, can be decrypted (and authenticated) by anyone with the public key.)
Aside from "encryption" and "decryption", the same key pair can be used for authentication ("MAC" for Message Authentication Code). Basically, one half of the key is used to calculate a cryptographic checksum of sorts of the message, and appended to the message (with the message itself either plainly visible or encrypted). Anyone with the other half of the key can check if the checksum is correct, but they cannot generate a checksum themselves.
For lockable Teensies, the key is used to create the .EHEX file from the .HEX file. The .EHEX file is encrypted, but also contains such a MAC.
You have your key of the key pair in a .PEM file, but the other key of the pair is secreted inside the Teensy (in a way that it cannot be extracted by any normal means), so it will only accept .EHEX files that have been encrypted by its paired key.
Thus, it is the .HEX to .EHEX step, that makes the firmware image trusted and encrypted. You cannot modify it without both keys; although of course only the key in the .PEM file is needed to encrypt a different .HEX to a .EHEX file that the Teensy would accept.
When you first lock your Teensy, both keys are created from nothing using random numbers (so it isn't like PJRC or SparkFun has any kind of a "master key"), one saved as a .PEM file, and the other "burned" into Teensy. After being set, it cannot be changed.
In any case, for the lockable MicroMods, I do believe the only hardware change between lockable Teensies and non-lockable Teensies is the MKL02 bootloader chip (which is basically the same chip but with slightly different proprietary PJRC code in it).
So, isaacjacobson's question in #67 is basically whether SparkFun has done additional changes (beyond the earlier QC changes that dropped the failure rate drastically) in their Teensy MicroMod production, because only that would affect the failure rate compared to non-lockable Teensy MicroMods.
I would guess not, but obviously, until we have reports from people having used a bunch of lockable Teensy MicroMods, we don't know.
So, anyone using lockable Teensy MicroMods: How's the reliability now?