From my understanding, since the bootloader is unlocked, you can force things to launch before the proper android OS allowing you to do certain functions such as modify recovery (with TWRP for example) and eventually, enable root access.
Once the phone is rooted, you allow the phone to be administered (controlled) by other entities, other than the OS itself. Meaning a lot of data can be manipulated that was once off limits. GPS coordinates can now be faked, keyloggers can now be installed, etc. You get the idea.
But the thing is, if you do not lose posession of the phone - as in it wasnt seized by the police or border patrol, etc. You should be fine. Malicious actors cannot unlock or relock the bootloader without nuking the entire contents of the device. It is best that you relock the bootloader so that the integrity of your phone can at least be monitored.