SMSCON is indeed mere software erased with a reflash. The only way you'd make it more resilient than that is if you find some maemo exploit that lets you run software from the MyDocs partition, or install software from there. Said exploit would then have to be one that makes it self-trigger upon every boot or something. (The lock code isn't something you run, it's not a program, just a hash somewhere of the password. You can't really store executable programs in most of the space immune from flashing, and those you can store, you can't make auto-execute that I know of, meaning that a reflash would wipe anything that actually tells the N900 to load the program at boot, even if the program itself is there and executable.)