I should look up "Linux DBus handle secure data" to see if there's a way to have the lockscreen talk to a DBus daemon to get the user's pin code length and have it be stored securely while also preventing anyone else from listening in on it.

I'm thinking it could be in a file only sudo can read or write to, then the daemon loads it and uses it to tell us if we've typed the full pin code yet or not.