Bash allows to export read-only variables

No it doesn't. It merely makes it a bit more difficult to change the value of those "read-only" variables.

"Read-only" environment variables are nothing more than data sitting in the address space of the bash process - and the user has write access to that entire address space.

You can find numerous ways to change the value or even unset a "read-only" bash environment variable here:

Unset readonly variable in bash

There are undoubtedly many, many more ways to do so. For example, a use can get around a read-only TMOUT envval set to "securely enforce" logging out simply by running bash --posix and then unset TMOUT on most Linux systems.

You can not rely on setting "read-only" environment variables and expecting that a user can't change those values.

Bash allows to export read-only variables

No it doesn't. It merely makes it a bit more difficult to change the value of those "read-only" variables.

"Read-only" environment variables are nothing more than data sitting in the address space of the bash process - and the user has write access to that entire address space.

You can find numerous ways to change the value or even unset a "read-only" bash environment variable here:

Unset readonly variable in bash

There are undoubtedly many, many more ways to do so. For example, a user can get around a read-only TMOUT envval set to "securely enforce" logging out simply by running bash --posix and then unset TMOUT on most Linux systems.

You can not rely on setting "read-only" environment variables and expecting that a user can't change those values.