There are a lot of reasons to like the OnePlus 6, but if you're in the habit of leaving your phone where a random stranger might get access to it you might want to pay attention. The phone has a serious security flaw should someone get physical access,but fortunately a fix is already on the way.
As noticed by independent security researcher Jason Donefield on the XDA developer's forums, the OnePlus 6's bootloader isn't as locked down as it really should be. As it turns out the phone will actually let you boot whatever software you like, even if the bootloader is supposed to be locked, without having to complete the long list of challenges usually associated with unlocking it.
While that might have some advantages for people who like to tinker with their phone's software, it also means nefarious people could install some malicious code without you knowing. Luckily they do need physical access to your phone to do it, along with a computer and USB cable to to the actual installation, so it's not likely to affect the vast majority of users. Still OnePlus has recognised that it's an oversight and has promised a fix is coming. The downside is that it's not expected to come with OxygenOS 5.1.6. Hopefully the wait won't be too sever.