I like the room key analogy (almost) but I don't think it needs to be stolen and I don't think all the talk about policies and contracts is necessary at all.
It could simply say the thing you're returning is not the local variable. It is a pointer.
I have a box and instead of giving you the box I give you a key to the box. Anytime you want to use the contents of the box you must come over to the box and open it, but you can't take the box with you. If you want to put something in the box you just walk over and put it in - but here's the rub: you have no guarantees that you're the only one with a key. I could give out the key to a bunch of people so you don't know what will be in the box and who owns it.
Use with caution!
I like your box analogy, but I don't think it goes far enough - with C++ pointers it is not always ok to put something in the box. If the pointer is out of date or invalid there is a chance that writing to it will make the OS kill the entire process.
Languages with garbage collection don't tend to have that kind of problem, since whatever is at the memory location will stay at that location until everyone surrenders their pointers.
No one is saying that at all. Pointers aren't evil, but they are dangerous.
Perhaps a better analogy is a sharp chef's knife. In the right hands it's an effective and efficient tool that lets you do things quicker and just as safely as any other tool.
In the wrong hands it is dangerous to the person using it and to those around them.
There are numerous other examples: welding torches, motorbikes, explosives etc etc.
So, for the avoidance of doubt, I believe: pointers are awesome, powerful tools and you can do some great things in C/C++ using them and I sometimes miss them (a little bit) when using other languages. But you can also do some terrible things with them - and I have done some spectacularly bad things with them in the past. But that doesn't mean they are bad - it just means that I am reckless.
Frankly, C++ is kinda schizophrenic about it. First, it is really anal about class membership, to the extent they had to introduce friend qualifier to get around its impracticality. And then you get this.
Please pardon the bluntness, but that sounds like a fundamental failing of whomever you've been learning. Use of pointers in the C family of languages is unsafe. That's "unsafe" in the context of computer languages.
As for the analogy, the talk about policies and contracts is important. There's nothing in the hotel preventing you from using the key to gain unauthorized access to the room just like there's nothing in C++ to prevent you access memory you have no business trying to access.