One of the rationales was that you have setup devicelock code with immediate lock, have company emails setup in your device, your company policy forces lockcode to protect company secrets.

"oem boot" allowed you to copy whole root partition without asking the lockcode. With this change copying root partition is only allowed after you have entered the devicelock code.

So hypotically if someone has option to follow mail for exchange security policy vs remove whole mfe support in future updates, which one has valid businesscase? Or if hypotically you can skip devicelock code query without any effort, would you trust your device any more?

You can say that you dont use mfe and dont care if people can steal your data easily, thats why there is still option to flash old bootloader back to device (or just make custom recovery image). But personally I use devicelock code on my device and have updated to latest bootloader and recovery partition (as I can always use recovery partition to get my device to match my latest rdiff backup that I have in a cloud).