Ah, missed that. I agree it's not much help security-wise to not be able to generate new deposit addresses. I'll alert the devs to this issue right away.
I believe that after a certain number of new deposit addresses are generated, the old addresses will be retired (at least, the documentation suggests this is the case, I haven't tested it myself); thus generating enough new addresses to invalidate all of the existing addresses could be used as a kind of Denial of Service attack, as there may be funds transfers sent to these addresses not expecting them to suddenly be retired.
Yep, this could happen, but we have to weigh this against the inconvenience of not being able to generate new addresses if you have the settings lock on.