Sorry for asking that many questions, but as user the motto is "better safe than sorry".
I unlocked and s-offed my HTC One around June-August 2013 and besides a quick TWRP update here and there and a monthly ROM upgrade there was absolutely no need to fiddle around with it more.
Aftermarket development has become that reliable that it's actually possible to find a good "set it and forget it" daily driver setup.
And since I am not a developer and don't deal with those questions on a regular basis, I'm always not 100% sure if I get all the facts right.
Thanks for helping me out with this one!
I'm going to try it next weekend or next week: Going to backup my data and simulate a potential theft with the locked bootloader and reverted to stock recovery. Remote-Wiping the device, unlocking the bootloader conventionally via fastboot and making sure that this wipes all user-data on the phone. And then I'm going to give that booted into OS, revone unlock a try and simulate a potential rom upgrade, just as you described it.
Right now I just can't risk my daily driver phone, as I wouldn't have the time to set it up again.
Thanks for your extended help
Finally feeling secure again on Android.