i use my SGS2 with cyanogenmod9, and I found out the following:
I CM9 you can activate the option to kill an active app by holding the “back” button.

If I lock my SGS2 via anti-theft sms and the lockscreen appears, I can simply close the lockscreen by holding the “back” button.

Well… It’s not wise from CM9 to kill the password security of the phone… I suppose there should be a way to avoid to kill precisely the lockscreen… Or would be only we two that want it? ???

would be wise to not kill the lockscreen, yes

So it seems this is a CM9 specific issue and not Avast side.