Is enabled security and disabling Mass Erase enough to protect Kinetis K63 based devices from unauthorized access?

Hi,

We are developing a product using Kinetis K63. As the security is of paramount importance for the application, we
want to make sure that once the product is deployed in field it can not be accessed by anyone unauthorized.

We came across an application note (AN4507) and understood that to secure a device we should set the FSEC[0:1] to 00 (or 01 or 11)
and to make sure that even mass erase does not grant unauthorized access, we should set FSEC[5:4] to 10.

Taking these into consideration the value for FSEC will become 0xB4. If we program 0xB4 value in the flash configuration
(byte at address 0x40C) we should be able to achive a robust security for our device.

Is our understanding here correct? If we are missing any other area of vulnerablity please bring that to our notice.

Also, we did perform testing with the FRDM-K64 but to prevent accidental loss of device we have not disabled mass erase
making the FSEC value 0XBC. We saw that with this value we are unable to enter debug mode using MCUXpresso debug. But
we are concerned that from logs we see that the debugger is able to flash the board but as the image contains 0xBC as the value
for FSEC, debug mode is not enabled. Apart from that we see the text "Part is not secured" in the logs. Does that mean the device
is not secured (inspite of setting the FSEC[0:1] to 00?
Attaching logs for your reference (while debugging with image having 0xBC at 0x40C flash address)

Regards,
Yash Bhatt