My understanding of LockerService is that it provides an additional security measure, to compensate for a weakness in the Lightning Components system. According to this blog post by Salesforce, LockerService prevents:
- Components from causing XSS and similar security issues. XSS means cross-site scripting and is a security vulnerability often found in web applications.
- Components from reading other components’ data without any restrictions.
- Components from calling undocumented/private APIs.
It also enables:
- Cool new features like client-side API versioning similar to REST API versioning. REST stands for REpresentational State Transfer, and is a way of providing interoperability between computer systems on the internet (Wikipedia).
- Faster security review.
- Better and more secure JS development practices.
- Running third-party JS frameworks like React, Angular, etc.
- Easily adding or removing new security features and policies.
Most managed packages ought to be adapted to LockerService. It’s fairly easy to enable LockerService for managed packages. Just go to Setup > Lightning Components. Then check Enable Locker Service for Managed Packages. Click Save.