With an unlocked bootloader you (or anyone else) can basically just flash most of the partitions without any security measures coming into effect. If the critical partitions are unlocked, you can flash those too.
The possibilities are endless at this point, you might not be able to decrypt userdata outright, but, as mentioned in the other thread, since you can just put your malicious code on one of the system partitions, all you have to do is wait for the owner to decrypt it for you.
You aren’t completely safe from a similar attack on a locked bootloader either, stock FPOS still ships with Google Test keys (I just checked), as mentioned here.
But since there isn’t an EDL loader (publicly) available, that’s not that big of an issue (for now).
If your phone gets taken away from you against your will and somebody might have connected it to a USB cable and maybe modified it, you might want to wipe it and completely reflash it from factory images.
I’ve personally had my phone seized by police before and given back at a later time, I’ve obviously wiped it afterwards, but I can still sleep great at night with my bootloader unlocked now 
It all depends on your threat level, if you are some kind of activist or live under an oppressive regime, you might not have the luxury to feel that way.