The majority of IPMI would be enabled by default, yes - however the majority (not all, some are virtual IPMI) are on dedicated NICs - usually labelled management interface or port or something. They're not usable as a normal NIC (although as mentioned above, yes, some are virtual and share an onboard NIC). As such, you're best putting them in a different VLAN. We use differently coloured network cables for them, too, in our datacentre, so there's no confusion. They're in a different VLAN, on a different switch (makes sense to use a different switch as IPMI is usually 100mbit and not worth wasting space on expensive switches for) and only a handful of machines can see that network, which, frankly, if those machines got compromised, we'd be f*cked anyway (domain controllers, etc).
The default config for a Supermicro (which is what I use) is the IPMI is enabled and set to DHCP, so if you left it like that, yes, everyone on your network would probably be able to find it.