Read again. The rules in your own quote require that "the device is not easily modified to operate with RF parameters outside of the authorization". That doesn't prohibit modifying the device with such parameters, this prohibits having devices that are even able to be modified, and a device that is merely able to be modified, period, is able to be modified with such parameters.
Furthermore, #1 says they must ensure that only properly authenticated software is loaded. It doesn't say "they have to ensure properly authenticated software if it affects RF parameters, but the rest of the software can be unauthenticated". And even if it could be interpreted that way, the easiest way to prevent unauthenticated software from modifying RF parameters is by preventing unauthorized software, period. Sure, in theory, the manufacturers can split the software up into a RF portion and a non-RF portion and let you modify the non-RF portion, but we both know that that's not going to happen.