Once the Photon and the cloud agree on a set of keys for the Photon, the cloud locks in on that set until you do a
particle keys send DEVICE_ID KEY_FILE
that unlocks the keys for that device and leaves them open for a fresh try. When you’re erasing / re-flashing a Photon, it’s possible to wipe its local key and cause it to generate a fresh key.
In this case, that means someone would also have to unlock the keys on the cloud side. I think we can relax the key sending rules here if we start sending better notifications / alerts in these cases (e.g. “hey, your Photon just changed its key”). The goal behind this key locking was to prevent man-in-the-middle attacks, but I’d like to find a happy middle ground. Sorry about that!
Thanks,
David
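
Added example, not part of the original post and not Particle's code: a minimal model of the key locking described above, where the first key seen for a device is pinned, a different key is refused until the owner unlocks the device, and every key change raises an alert. The `KeyRegistry` class, its method names, the device ID and the key bytes are all hypothetical.

```python
import hashlib
import hmac


class KeyRegistry:
    """Hypothetical cloud-side store mapping device ID to a pinned key fingerprint."""

    def __init__(self):
        self._pinned = {}       # device_id -> fingerprint, locked once set
        self._unlocked = set()  # devices whose owner allowed one fresh key
        self.alerts = []        # notifications the owner would receive

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def unlock(self, device_id: str) -> None:
        # Owner action; plays the role the post gives to `particle keys send`.
        self._unlocked.add(device_id)

    def handshake(self, device_id: str, public_key: bytes) -> str:
        fp = self.fingerprint(public_key)
        pinned = self._pinned.get(device_id)
        if pinned is None:
            self._pinned[device_id] = fp  # first contact: pin and lock
            return "pinned"
        if hmac.compare_digest(pinned, fp):
            return "accepted"
        if device_id in self._unlocked:
            # One fresh try was granted: re-pin, lock again, tell the owner.
            self._unlocked.discard(device_id)
            self._pinned[device_id] = fp
            self.alerts.append(f"{device_id}: key changed after owner unlock")
            return "repinned"
        # Unknown key for a locked device: a re-flash or a man-in-the-middle.
        self.alerts.append(f"{device_id}: key mismatch, connection refused")
        return "rejected"


def demo():
    reg = KeyRegistry()
    dev, old_key, new_key = "dev-1", b"constructed-key-A", b"constructed-key-B"
    steps = [reg.handshake(dev, old_key), reg.handshake(dev, old_key)]
    steps.append(reg.handshake(dev, new_key))  # re-flashed device, still locked
    reg.unlock(dev)
    steps.append(reg.handshake(dev, new_key))  # accepted once after unlock
    steps.append(reg.handshake(dev, old_key))  # old key no longer trusted
    return steps, reg.alerts


if __name__ == "__main__":
    print(demo())
```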