See some discussion in T6755. Providing `auth lock` and `auth unlock` commands would moderately increase the security of installs in the face of a compromised administrative account. There is normally very little need to edit authentication configuration after initial setup, and it necessarily has a wide array of access implications.
With respect to T6755, specifically, it is potentially an SSRF vector. It's somewhat hard to imagine this being a meaningful component of a practical attack, but not wholly absurd.