SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements.
Intel and everyone else knows that restricted boot environments for personal computers (desktops and laptops) will be hugely profitable. Entertainment companies love it -- they can deploy a new kind of DRM that won't be defeated for years (see: PS3).
SecureBoot is not a DRM system (for now). If SecureBoot is on, the requirement is that the code executed before ExitBootServices() has to be signed. All code executed after that doesn't. So for example one can create a Boot Loader like EFILinux that will be signed and conform to the specification, and that can load unsigned kernels, and those unsigned kernels can contain any code. The kernel may emulate an EFI interface (like loaders for osx on BIOS), and load Windows kernel, patching it and then starting.
Or, you on PCs that have it turned off, you can create your own EFI application that will load instead of windows's boot loader that will override the GetVariables() functions, so that if the windows kernel queries it, it will return that the SecureBoot is On. It can also patch the kernel itself in memory before starting it.
No amount of careful planning will ever replace dumb luck.