And if it is available from root, then it's still possible to make an SD card that voids the warranty - although it is slightly less "script kiddie" territory since it requires more than just editing a text file. That's a good thing.
Ultimately however, you have to look at what anyone might get out of doing such a thing. There are a few aspects to this:
1) Kid overclocks/overvolts his own R-Pi for better performance, and bakes these settings into his usual card. This card is then used to boot a school R-Pi briefly (10 minutes) for a show-and-tell session - thus accidentally overclocking/overvolting that board. Since people are used to overclocking settings being in the CMOS RAM, not the card, this is entirely plausible.
Should the warranty bit be blown? If not, should the overclock "take"? With an OTP bit for *permitting* overvolting, or with one blown for *preventing* it, there is no accident, the warranty remains intact, and the board may or may not boot due to overclocking beyond stable limits. One could say that if overvolting is called for but is not permitted, the overclock settings should be ignored.
2) Kid makes a malicious card which unlocks the OTP bit (if necessary) and overvolts the R-Pi, just to blow the warranty bit, and makes the rounds with it, booting each board for just a few seconds. Nobody knows that this has happened, since all the boards run perfectly fine and at normal speed when booted from normal cards.
But what's the motive? If nobody knows, it's difficult to justify doing this for bragging rights or for revenge. Even sabotage is unlikely, since an R-Pi is unlikely to fail immediately or eventually due to a few seconds' running in an overclocked condition. If one or a few *do* fail immediately, there is a fairly good chance that the perp can be identified and appropriate action taken.
Even so, a prevent-overvolting OTP bit could successfully prevent such an attack. I just don't entirely see why it is necessary.
3) Kid makes a malicious Trojan card which blows the prevent-overvolting OTP bit. He then convinces other kids to boot the card, based perhaps on some "cool demo" (which he need not have written himself). Result: other kids' *personal* R-Pis are no longer capable of overvolting, and power users might find that the overclock settings on their usual cards are no longer stable.
I *can* see a motive for this: jealousy, hence sabotage. One kid's R-Pi consistently runs better than another because he's not afraid to play with the overclock settings, and maybe he got a chip slightly better than average by chance. Other kid wants to cut him down to size...
Overall I therefore suspect that the "prevent overvolting" bit would be more harmful than the "allow overvolting" one.
The key to knowledge is not to rely on people to teach you it.