I also encountered that behaviour.
In some courses I have a quiz and a certificate in pairs for a certain period (year). When a year is over, I hide the quiz but left the certificate visible for those students that passed the quiz but forgot to open the certificate.
After some people opened a certificate without passing the hidden quiz (in a critical course), it meant some efford to revoke these "illegal" certificates, erasing them from the database and persuading the students to redo the quiz from the current year.
The only workaround I can share is: don't hide any quiz that locks an unhidden certificate. You can control student access by using the opening/closing date fields in the quiz instead.
I suppose locking is checked in student context, and hidden activities are dealt as not existant. It might be interesting to examine wether a certificate with several locking activities is completely open to any participant, where one activity is hidden and the requirements of the other activities are not met.
Example: A student has failed a quiz and cannot see a hidden lesson. What happens if he opens a certificate that has both as locking activities? Will he see it because the hidden lesson unlocks the certificate or will he see the "requirements"-message because he failed the quiz?