A more generous explanation is that it might be both — vendor lock-in also happens to be a security measure.
Having important info on your device and having that device accessible to the wild, wild, internet is a very real problem. If the "walled garden" is a flawed solution we should work on a better one.
Anyone who thinks that vendor lock-in is a security feature didn't learn a thing from the Crowdstrike incident last year. The biggest security incident in the history of the entire internet was caused by a cybersecurity ''vendor''.
Having important info on your device and having that device accessible to the wild, wild, internet is a very real problem. If the "walled garden" is a flawed solution we should work on a better one.