
Consider that in other fields of computer security we treat a device where attackers have physical access to be de facto compromised.


Even with chip security features this is still the case (if an attacker gets their hands on it, it can be compromised). There's no chip that exists that I'm aware of that can't be compromised to have its firmware dumped.

It's like locks: Every time a manufacturer claims to have made an unpickable lock someone goes and picks it. It's the same for chip security features.

Microcontroller "security" features really are security theater and not actual security. The only real reason they exist is because certain vendors/"big buyers" will require it as part of their parts checklists (which is silly) and it provides a way for chip manufacturers to wriggle more money out of each sale.



