Let’s clarify this subject a bit, as it is very often used as an argument against a solution we do not like.
In-house vs Outsource
Your IT department may lock you in in the same way as your vendor. Does it matter who do you pay to? In the case of external vendor, you may count on competition, at least.
Means nothing if you do not have skills related to the code. It will take ages before you acquire them to fix a single bug. That’s why companies who heavily rely on open source support contributors. It is not good will, it is insurance policy.
That is a true lock-in. Any new service, any unique API you call means one more tie to a specific vendor. The more integrations you have, the less room you have for changes.
Centralisation vs Decentralisation
This is completely irrelevant. What matters is whether someone is in control and how much power he/she has over the system. The creator of a decentralised service may have malicious intents, too.
Not always a problem
There is no easy defence. Reputation and strategy of the provider mean a lot. If there is a proven track of delivering value, you may not even notice you are locked-in. More, Lock-in scares new customers, so some providers may be truly interested in not abusing their position.
It is a balance issue
You will always depend on someone. Pick up the right company on the basis on what do you want to achieve.