That would work of course, but despite its complex method it is easily rendered useless.
However by adding some more work, your steps can give an almost perfect solution.
Instead of a "boolean" childsafe parameter I propose to store some user password hash into the settings, using Jimmi MD4 auth code from smbman (thus externalizing it into opl/src instead of modules/smbman).
Then we should use the virtual keyboard (already there for string settings) to ask the user for the password when entering settings/compat mode for the first time (when not already auth if password if present into settings).
A bit more work and testing, but should be optimal ...