Rouge employees happen. Or an attacker may be posing as cleaning staff (in my company we have cleaning during business hours, and every few days we all leave our room while the cleaning lady vacuums).
But primarily, it's not about distrust towards your cow-orkers - it's because not locking your workstation leaves you (and the company) vulnerable to external attackers that made their way to the office via acting confident. Social engineering is extremely effective and quite easy to perform, if you can keep your cool.
Cleaners seem like a huge way in. They often come at night and have unrestricted access. What's stopping them from keylogging or worse? How tight of security can the cleaning crew even run? It's not like you're paying a ton extra to vet folks, and it can't be that desirable a job.
Indeed. Add to that the fact that many cleaning companies employs their crews as "contractors", pay them almost nothing and treat them like human trash (ditto for security personel in relatively safe areas), and you have a perfect attack vector - it won't be hard to find someone who will plug that little stick behind a computer in exchange for some cash and you being nice to them.
But primarily, it's not about distrust towards your cow-orkers - it's because not locking your workstation leaves you (and the company) vulnerable to external attackers that made their way to the office via acting confident. Social engineering is extremely effective and quite easy to perform, if you can keep your cool.