You have to assess the risk and benefit of having it before making a blanket statement that it is bad. It is one thing to say it can be implemented better. It is another thing to say that it is so bad the user should disable it and lose security features that are provided.
If you’ve got Intel, IME is what you get. If you don’t trust Intel, don’t buy an Intel. Would it be nice if it was open? Sure, but neither is AMD’s PSP which does almost the same thing. The reason we don’t hear much about it is because the dated conspiracies never really talked about it as AMD was less popular, particularly in the laptop space. Besides, Intel and AMD can trivially add a backdoor without either the ME or PSP - they can introduce something like another Spectre/Meltdown/Zenbleed variant. The whole point about protecting the user against Intel or AMD while using their hardware is moot.
It would be nice if open source stuff like RISC-V takes off and remain open. However, security features still need to be implemented. Things like Boot Guard still needs to be provided, and it will still mean that the user wouldn’t be able to replace the key that is fused. They also have to fully trust the firmware that is flashed in the same way they would have to trust proprietary firmware. Firmware security is impossible without an immutable root of trust.
Outside of privacy communities, customers don’t really care about anything besides not having persistent malware in their firmware and so the computer manufacturer isn’t part of the threat model.
What you don’t want to be doing is inhibiting security features which prevent persistent malware from living on the device. Personally this concerns me more in my threat model than Intel or AMD suddenly becoming malicious.
In that above article, nobody really knows what the HAP bit does or if it even breaks anything from working correctly:
We also found some code in BUP that, when HAP mode is enabled, sets an additional bit in Boot Guard policies. Unfortunately, we have not succeeded in finding out what this bit controls.
We do know that Boot Guard does look at the HAP bit and it is measured and loaded into pcr0. We know that this configuration does mess up modern standby and fTPM are known not to work. The HAP bit clearly messes with Boot Guard policies, and no one knows what it actually does. It could mess up policy enforcement for all we know.
That article also has a quote from Intel stating that there was limited validation, so it would seem something that doesn’t get a whole lot of testing (even from within Intel) and isn’t widely requested. The old NSA HAP program seems was largely deprecated (2011). We can assume they chose to work with companies directly:
While last year’s budget documents signaled that NSA would begin work on a third generation of HAP that other documents show would have added even more security and virtualization features, this was scrapped as the commercial market began offering similar capabilities in integrated packages. Going forward, Lamont said, NSA will continue keeping a close eye on integrated security, as it always has.
The IME is not accessible from outside and doesn’t have it’s own network interface. If it was sending anything it would appear on network intrusion detection systems. All of the exploits we’ve seen so far involve exploits against the ME include stuff like SMM or the MEI interface, which at that point your machine is already pwned.