Peer Manager tries to bond despite other configuration

My app is based on ble_app_hrs_rscs_relay, i.e. the nRF52 DK is acting as central and peripheral at the same time.

SDK 17.0.2, SD S132 v7.

I have a service running there that I want to debug using python with "bleak" to inquiry the service.

Connecting to my service fails. As it turned out, apparently due to failed bonding.

As I don't know if it's possible to have bleak bond (didn't find anything regarding this), I deactivated bonding in my code for the tests.

Much to my surprise PM still seems to do bonding?

static void peer_manager_init(void)
{
    ble_gap_sec_params_t sec_param;
    ret_code_t err_code;
    ble_gap_addr_t          p_addr;    
    ble_gap_irk_t           peer_gap_id_key;
    char s_addr[18];
    char key[33];
    pm_peer_id_t            current_peer_id;
    pm_peer_data_id_t       data_id;
    pm_peer_data_bonding_t  bonding_data;
    pm_peer_data_bonding_t  *p_data;
    uint32_t p_len;
    err_code = pm_init();
    APP_ERROR_CHECK(err_code);

    memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

    // Security parameters to be used for all security procedures.
    sec_param.bond           = false; //SEC_PARAM_BOND;
    sec_param.mitm           = false; //SEC_PARAM_MITM;
    sec_param.lesc           = 0;//SEC_PARAM_LESC;
    sec_param.keypress       = 0;//SEC_PARAM_KEYPRESS;
    sec_param.io_caps        = BLE_GAP_IO_CAPS_NONE;//SEC_PARAM_IO_CAPABILITIES;
    sec_param.oob            = false; //SEC_PARAM_OOB;
    sec_param.min_key_size   = 7;//SEC_PARAM_MIN_KEY_SIZE;
    sec_param.max_key_size   = 16;//SEC_PARAM_MAX_KEY_SIZE;
    sec_param.kdist_own.enc  = 0;//1;
    sec_param.kdist_own.id   = 0;// 1;
    sec_param.kdist_peer.enc = 0;//1;
    sec_param.kdist_peer.id  = 0;//1;
    
    err_code = pm_sec_params_set(&sec_param);
    APP_ERROR_CHECK(err_code);

    err_code = pm_register(pm_evt_handler);
    APP_ERROR_CHECK(err_code);
    ...
}

In my logs I still get this after connecting:

[00:00:00.052,795] <info> app: App started.
[00:00:00.066,589] <info> app: Fast advertising.
[00:00:00.556,701] <info> ble_service: ble_service::ble_service_on_ble_evt::BLE_GAP_EVT_CONNECTED
[00:00:00.557,250] <info> app: Client connected to us using us as server (peripheral)
[00:00:00.561,218] <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x2, procedure: Encryption, error: 4102
[00:00:00.562,011] <warning> peer_manager_handler: Disconnecting conn_handle 2.
[00:00:00.562,500] <info> app: PM_CONN_SEC_PROCEDURE_ENCRYPTION  procedure failed
[00:00:00.562,927] <info> app: Error PM_CONN_SEC_ERROR_PIN_OR_KEY_MISSING
[00:00:00.563,354] <info> app: Error source = 0x0 (BLE_GAP_SEC_STATUS_SOURCE_LOCAL)
[00:00:00.563,781] <info> app: Establishing a secure link by Peer Manager failed! Trying to remove bonds and rescan

Also the stack trace when receiving the event obviously shows the code is going through the secure setup.

Any idea what could be the reason for this? 

I also left out the actual call to pm_sec_params_set(&sec_param); in general as recommended but also this didn't change the behavior.
Is there any other reason why PM tries to perform the bonding? I also tried to delete the actual peer DB, but also this didn't help (of course).