Which is why most systems that allow you to change the boot chain or otherwise mutate the chain of trust will clear the storage on the device (such as unlocking the bootloader in Android). And on Chromebooks, you cannot easily (read: without getting a flash programmer and doing it manually) subvert the boot chain and not let the user be aware of it (that's what developer mode is used for -- it shows a scary warning if the measurement and secure boot are disabled).
The reason nobody mentions this is because the solution is so trivial there's really no point in repeating it each time.
A walled garden OS doesn't do much to stop the abusive/spying household member problem. They can just beat you up until your give them your password, or spy on you and catch you entering it.
But they can't compromise the device without the victim knowing about it. Not all abusive relationships are violent or even directly coercive like that.
So much so that in your attempt to find any toehold to criticize it, your comment had to resort to coming up with scenarios that go outside of the system and rely on human vulnerabilities.
