The motivation for this security sounds very similar to what I've encountered. I was working as an electrical designer at a company that had field computers with GUI/control software written in C#. It had node locked licenses with several optional activations, of course, as that's what the sales team likes nowadays.
One day I was working on an I/O module that required testing, and so I asked the field tech engineer to help me out putting it on the machine.. He said sure, picked up the company's test field computer.. only to found out he didn't have the proper license option with the new beta version. The software dev that wrote the module and was also responsible for handing out license keys happened to be on holiday.. so in order to stay moving.. let's say a common C# disasembler tool was used to find function along the lines of "CheckLicense", and it's source was edited to unconditionally "return True;". Literally within 15min the 'problem was solved'.
Sales got ahold of this event literally when they came back from their coffee break (
), and that some large OEM resellers also have some clever software guys around.... so they were hastily checking the books to see if those guys were still buying all the licenses they needed.. and they demanded that this issue would be "fixed" (which perhaps would start at using an C# obfuscator, or not use a high-level IL in the first place).
I believe the software dev was not very amused by these findings and the motivation of this engineering process, because apparently the whole software project was like his first born child. But then again you also cannot stop anyone when he/she is motivated enough. Because admittedly, the whole license key arithmetic and checks was done in a C++ DLL without debug symbols, just the C#/C++ bridge was very poor. But in the end, everything can/will be reverse engineered when given enough time... as there are communities of people that make it a sport to be the first upload a .nfo-annotated piece of kit.
But given that you use a common off the shelf, and in particular a popular and well studied MCU, I think it's virtually impossible to have a 'bullet proof' infosec without tradeoffs. Disabling SWD port, going to BGA with unrouted SWD tracks, hard grounding SWD pins, etc. all sounds like pretty severe but reasonably effective ways of stopping someone to tinker with remaining SWD commands to uncover piece of the firmware.
Sometimes it's not even that they need the whole firmware. If an encrypted image leaks somewhere, then you only need to uncover the few bytes that hold the key to have a decent go at decrypting it (unless you can use creative tricks to obfuscate it, like @darkspr1te mentions) .
I wonder how much mutable function pointers would do to any reverse engineer process. Sure many decompilers will understand C++ vtables, but if you implement your own function pointer stuff where you access the function pointer through a pointer with the address computed in-place, then I'm not so sure how well a decompiler will be able to automagically put 1 and 1 together.