This means your firmware is not fully secure if RDP1 is used. Attacker may attempt to erase the device, which would set RDP0 (full access), but the memories may not be fully erased, so full or partial firmware may be recovered.
If you care about firmware security, you will have to use RDP2, but this is a one way process, once this level is set, it can't be reversed. So, you probably want to make a bootloader first.