yeah will be SIM dependant.
A SIM is a bit like a normal filesystem, but with fixed directory structure and fixed files. The files are either there, or not there. Then you can set permisions on them. Eg. requires PIN1 to read, PIN2 to write. Or Read only, or PIN1 to read, no write etc
There is also a special AUTH procedure which generates the key to lock you onto the network. After you auth, it generates a temporary key to use to encrypt the voice and for future logins for a period of time (network decides this, usually a few hours to a week).
A properly personalised SIM would protect SMS, phonebook, AUTH, temporary key/id files. Or in fact the whole GSM subdirectory.
On the galaxy, it would boot, and read the serial number of the SIM, then a few other files, and then go into the GSM directory. As SOON as any file returned 'need pin 1' it would prompt you for PIN. If using fastboot this first prompt was ignored you would just be prompted for the pin when it tried to read the GSM directory.
An improperly personlised SIM would just protect some non essential (for network login) file that is read on boot. Using fastboot it may skip reading this file, OR read it but not ask for PIN. Since the GSM directory is not protected, it can continue reading and login as normal.
This is 99% the SIM's fault - bad provisioning, and 1% the phones fault - probably skips reading some non essential file when booted with fastboot.