I’m sure some environments must be more secure that others. Having worked at multiple sites handling highly senstive personal info, not locking your PC isn’t an option. It’s not so much someone using your access, but any data on your screen visible to anyone walking by was a bad thing (especially since the developers had more data access than almost anyone).
Goating at my current office is nonexistent, but people also leave machines unlocked rampantly (which I’m amazed to see). At my old shop, it was usually an email to the developer DL with something silly and a warning about leaving your box unlocked (then we’d lock it). It may seem silly, but after someone has that done to them, they remember to keep the box locked and in the long run avoid a bigger talking to by management.
As a side note, the most fun i had with it isn’t really goatign per se. IT screwed up and used my box for the new developer image, and by mistake had my ID as an admin on every developer box. I found a tool that let you lock/unlock machines on your netowrk as long as you had admin rights. That was a fun 30 minutes after hours.