I've been meaning to reply for some time; feel free to e-mail me as I know this discussion will be archived soon.
You're right that Google has relatively little control over Samsung. What they do have is control over the Android trademark, etc., and if Google can require that the Play Store be within one swipe's distance of the home screen when shipped, Google can make other requirements that reflect dedication to ensuring that devices are able to be flashed with AOSP software.
Those requirements are subject to negotiation. Google has some power to push, not based on the Android trademark so much as on the permission to install the Google Apps -- and especially the Play store. The Play store is the big carrot/stick, actually, because an Android phone without the Play store is much, much less useful... at present. It wouldn't be that difficult for Samsung to set up their own app store, and app developers would absolutely upload their apps to it because Samsung is such a huge part of the Android ecosystem. If Samsung were to form an alliance with the top two or three other Android OEMs, their app store would very quickly replace Play as the dominant app store, particularly if they also set out to license all the videos and music they need to reach full parity with the content on Play. Or perhaps they'd take a shorter path: Team up with Amazon which has already done most of this work. If new Samsung, HTC, Motorola and LG phones all shipped with the Amazon store, Amazon would almost immediately match Play.
So Google has to walk a fine line. It has to keep all of the OEMs moving in the same direction, make sure that direction keeps the ecosystem competitive with Apple and Windows (not that Windows has much of the market at the moment) which means making sure the user experience is good and continues to improve, but it also has to allow OEMs enough freedom to innovate and manage their business models so they don't feel like being part of Google's ecosystem is more of a burden than a benefit.
I don't really understand why OEMs seem to feel so strongly that their devices should be locked down, but they do, and they're unwilling to negotiate on this point.
Unless I misunderstand how the Nexus system works, Google *does* have say over how those function, and those have a locked bootloader
So, I think your fundamental error here is that you're thinking locked bootloaders are a bad thing. They're not. They're a good thing.
Locked bootloaders (the way Nexus does them, at least) are there for user security. The purpose of the lock isn't to prevent users from flashing software that does what they want, it's to prevent attackers from flashing software that does what they want -- to give them access to data on the device, bypassing all of the protections built into the stock OS. So, the reason there is an "unlock" step is so that we have an opportunity to forcibly wipe all user data from the device. Someone who finds or steals your locked phone can unlock it (maybe; we made that a little harder in Lollipop), but the unlock process wipes all of your data.
This, BTW, is why I always tell modders that they should re-lock their bootloader after they flash their custom image. Not re-locking it allows anyone who gets hold of their device to flash a new system image that gives them full access to anything on the device (though we're tightening that down in Nougat as well).
That's the main purpose for a locked bootloader, but there are some other benefits as well. They protect devices against inadvertent as well as malicious modification, and they provide a good way to differentiate between a normal device that should implement the full boot chain of trust and those that are in a modifiable state. The vast majority of users never want or need to unlock, and we want to make things very secure for them. Developers (including Android engineers at Google!) and modders do want/need to bypass many of those security protections, so it makes a lot of sense to have a boolean switch that changes between "production device" and "development device" modes.
As for the fuse that the article claims records whether the device has ever been unlocked... that I don't know anything about. I'm sure it's not something that the Nexus team ever asked Qualcomm for. Our requirements to the OEMs who build Nexus devices are that the devices have unlockable bootloaders, and we specify how those should behave. We don't care if a device has been unlocked in the past or not, just about its current state. However, Qualcomm doesn't develop firmware specifically for Nexus devices, and other OEMs do care about whether or not a device has been unlocked. So my guess is that that Qfuse is a Qualcomm feature that has implications on other devices (most likely, unlocking just voids warranties, since flashing bad firmware can damage hardware -- come to think of it, it's possible that if you return a Nexus device for warranty repair/replacement, and the damage is something that could have been cause by bad firmware, and that fuse is blown... maybe you won't get warranty support for your Nexus either).
If Google decides to mandate locked bootloaders or bring an end to the work done by the folks at XDA-Dev, there's just no reason whatsoever for them not to...and that does, in fact scare me.
I do understand your fear. All I can tell you is that the Android engineering team feels quite strongly that users should own their own devices, which means they should be able to install their own software. Probably the best way to see how the Google team feels about it is to look at the Pixel C, which is the first device from Google that uses a Google-provided bootloader. The Pixel C's entire boot sequence is all open source code, and there's a physical switch in the device (modeled very much on the Chromebook "dev mode screw") which allows you to take complete control... after flipping that switch you can flash any part of the system up to and including providing your own implementation of the TrustZone OS. Note, though that your custom trusted OS will not have access to the DRM keys needed to decrypt HD and 4K video from Netflix, etc.
For that matter, if you want to see how Google's engineers look at these things, take a look at how Chromebooks work. Unlike Android, the Chromebook architecture is completely under Google's control. Chromebooks are built by various vendors, but Google's relationship with them is very different, and Google can dictate exactly how they work, within the constraints of the available components.