Well... the case I mentioned of the 28C256 EEPROM getting corrupted was on a box which a customer installed next to the piezo igniter of some huge industrial boiler. The stuff should have gone into a metal box, shielded cables, etc, but evidently not. So spikes reaching PCB tracks (via EM, or conducted via wires) crashed the CPU repeatedly, and eventually it did, evidently, execute the EEPROM write function
There was a MAX706 hardware watchdog (1.6 sec fixed) but it didn't help.
The product has been selling since 1995 and is super solid, zero bugs ever found, except for this one customer.
"Very unlikely"? Not if a bunch of your customers start controlling piezo igniters with your box
One lesson - apart from customer education - is to avoid your firmware containing the magic unlock codes. Not always possible though. My firmware does not contain the RDP2 codes (depending on details, a great way to f**k your company if those got executed
) but it does unavoidably contain codes for writing CPU FLASH (in the RAM loader for fw updates), codes for writing the Adesto SPI FLASH, etc.
Thinking about it, one could wrap the FLASH write code with a GPIO pin test, and have a jumper in there. That would stop a runaway PC. But very inconvenient.