alt Hacker NewsLockdown mode works by reducing the surface area of possible exploits. I don't think there's any failures here. Apple puts a lot of effort into resolving web-based exploits, but they can also prevent entire classes of exploits by just blocking you from opening any URL in iMessage. It's safer, but most users wouldn't accept that trade-off.
Claiming reduced attack surface without showing which exploit classes are actually eliminated is faith, not security.
And Lockdown Mode is usually enabled _after_ user suspects targeting.