That’s usually not how secure boot is configured on microcontrollers. They usually come with no code installed and an unsigned bootloader, and therefore no barrier for you to flash what you want on it.
In fact, the STM32 has secure boot, and it’s still one of the most popular microcontrollers for makers and hackers. That’s because the secure boot feature is there for developers, hackers and makers to use if they want to.
That’s correct.
Which is good, as otherwise it would defeat the purpose of secure boot.