Pixels and SafetyNet are different than a console appliance (e.g. Xbox, Playstation) in that Google allows both unlocking and relocking the bootloader, without affecting the integrity of a Pixel's onboard cryptographic hardware and secure enclave. This means you can, for example:

1. Unlock the bootloader and install an alternative OS (e.g. Graphene).

2. Relock the bootloader and still benefit from the Pixel's hardware security.

The above is not possible on modern video game consoles, or other phones, for the most part. Hardware cryptography has historically been used to lock customers out of their own machines for the purposes of profit, but that doesn't mean it has to be.

In the threat environment as it exists today --- a world in which almost everyone has an always on, always networked computer which must continually reveal its location in order to interface with the global network --- something like the Pixel's design ought to be the minimum standard for a computer in your pocket. Sadly, the only other device on the market with similar hardware security features is the iPhone, and it's as locked down as a games console. Samsung's Knox is another secure hardware platform/architecture, but they burn out a fuse on their phones to disable it when you unlock the bootloader.