What do we actually mean by "locked down"?
IMHO that's a nice fuzzy phrase bandied about which has no precise meaning. Ask three people to "lock a server down" and you'll get three different results :-)
Continuously synced (i.e. replication)?
Synced on a schedule (every X days/hours)?
Synced manually (every time the sysadmin feels like it)?
Q: If you get data corruption on the 'master' server does that corruption get synced to the backup server automatically? Whoops.
Q: Does your master server have logon credentials/keys for the backup server stored on it? If so, master server gets hacked - hackers can log in to the backup server straight away. Whoops.
Q: Does the backup server have logon credentials/keys for the master server stored on it? If so, backup server gets hacked - hackers can log in to the master server straight away. Double-whoops.
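The two credential questions above can be turned into a check. This is an added example, not part of the original post: given an inventory of which host stores logon credentials/keys for which other host, it lists what a compromise of each host exposes, following stored keys transitively. The host names, the `web` host and the inventory format are assumptions made for illustration.

```python
from collections import deque

def exposed_by(compromised, stored_creds):
    """Hosts an intruder on `compromised` can log in to by following stored keys."""
    seen = set()
    queue = deque([compromised])
    while queue:
        host = queue.popleft()
        for target in stored_creds.get(host, ()):
            if target != compromised and target not in seen:
                seen.add(target)
                queue.append(target)  # keys found on `target` can be used next
    return seen

def audit(stored_creds):
    """Map every host in the inventory to the sorted list of hosts it exposes."""
    hosts = set(stored_creds) | {t for ts in stored_creds.values() for t in ts}
    return {h: sorted(exposed_by(h, stored_creds)) for h in sorted(hosts)}

# Constructed inventories: host -> hosts whose credentials/keys are stored on it.
PUSH = {"master": ["backup"]}                        # master logs in to backup
PULL = {"backup": ["master"]}                        # backup logs in to master
BOTH = {"master": ["backup"], "backup": ["master"]}  # keys in both directions
CHAIN = {"web": ["master"], "master": ["backup"]}    # hypothetical third host

if __name__ == "__main__":
    for name, inventory in [("push", PUSH), ("pull", PULL),
                            ("both", BOTH), ("chain", CHAIN)]:
        print(name)
        for host, exposed in audit(inventory).items():
            print(f"  {host} compromised -> exposes {exposed or 'nothing'}")
```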