Even if you can't bypass the password by shorting these pins, you could just replace the entire EEPROM with one that has a known password.

I don't think it's a serious enough security feature to be worth trying to defend against physical access.

Right, but I'm still surprised they've not at least implemented "if can't read EEPROM at boot disable EEPROM writes".

With the architecture used, they're never going to be too robust to physical access. Overall EEPROM reset button on motherboard would be best, and just admit there's no really security against physical access here.

One other point. You don't even need to remove the EEPROM, you can reprogram them in-place using an SOOC-8 clip and an SPI interface (eg buspirate). There lot of info available.

They did as of Haswell. New machines are crackable too with more effort, but this simple short trick doesn't work.

No, I don't know a trick for new machines, and am unlikely to look for one. Modern Thinkpads aren't machines I'm very interested in.