I think this is by design.

Security-related configuration settings generally lock themselves for safety reasons. For example, while we can disable Community Extensions using the SET allow_community_extensions = false, we cannot re-enable them again after the fact without restarting the database. Trying to do so will result in an error:

https://duckdb.org/docs/stable/operations_manual/securing_duckdb/overview#locking-configurations