It's a service processor. No big deal in itself, we had them as far back as mainframes go. The VAX-11/780 I worked on/with in college in the early 80s had a small PDP-11 (an LSI-11/23) in the bottom as a service processor. I'd be more worried about a much more direct avenue of attack: microcode updates. Every Windows system and most Linux boxes include the packages to take the latest firmware updates from Intel and AMD and download them into the CPU during system boot. If Intel wants to put something malicious into the chip, all it has to do is issue a firmware update with it and it'll get near-100% coverage. If a bad guy has the keys to sign an IME binary, they also have the keys to sign a firmware update.