To turn the tinfoil hat the other way though... until recently it would have been trivial for a nation-state to intercept and add a hardware implant to a motherboard.
So on the one hand SecureBoot & ME are terrible, but on the other hand the pre-existing security regime was also terrible.
The ideal would of course be for Intel to be more open about the ME, but who knows if that will ever happen.
SecureBoot is fine actually as long as you can replace the root keys. (It is about add trustworthy as TPM hardware and Intel's SINIT blob, which does not say much.)
