Yes and even companies that can request it (I worked for one in this role) have to provide extensive documentation.

A phone must be purchased for us (with invoice with serial no) originally, or it must have been enrolled in our corporate MDM before getting locked. And for a while they didn't even accept the latter.

So even if you are at a third party you won't get away with sneaking these through. Which is good, a bit annoying sometimes though when some of our vendors didn't provide serial number invoices. We now require it but during the first years of anti-theft lock it was a bit of an issue and caused a lot of e-waste for us, sadly.

> To my knowledge, Apple has not had any insider compromise of activation lock.

First they would have to get caught.

> This is why criminals try to phish the credentials from the victim instead.

Either method would be effective and not every criminal would have access to an insider, or they would have to pay off the insider for each device and then still prefer to phish the customer if possible to avoid paying the bribe.