Re: CPU the only risk?
Exactly, the CPU itself is very unlikely to have backdoors or anything specific in it. Exploits or backdoors are going to be in the supporting services that surround the CPU: the support chipset, the OS and the OS's device drivers.
By its basic nature, the OS that runs a system requires full access to the CPU, including all operation levels and all metrics and support. There is no point in a "super-duper-secret-access-mode" function in a CPU; this level of access can be performed using normal operations. Access to more privileged operation levels in a CPU is managed by the OS.
The support chipset, on the other hand, will have direct memory access to the entire system outside of the scope of the OS, will be able to send and receive network packets without the OS ever knowing that anything is amiss - this kind of communication will be undetectable inside the system itself, however observable outside through packet monitoring.
Device drivers also tend to have enhanced access to the system, including DMA access and direct access to hardware. At this level they are more readily monitored and the source code can be decompiled and assessed for potentially unwanted behaviour. Depending on how well written the driver code is, the OS is likely to be unaware of unwanted behaviour in the driver; these are trusted components.
The OS itself can easily have backdoors and access code in it. This is more readily detectable as the executable code can be decompiled and assessed for potentially unwanted behaviour; however, if written well it should be relatively easy to mask, as the OS provides this functionality.
The applications on top of the OS are even more likely to have back doors or access code, or to just be exploitable through programming defects.
In the end the most likely source of leaks is the bag'o'flesh in front of the device. Many will happily sell their passwords for chocolates, use easily guessable passwords or just email or print and lose important information.
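The external packet-monitoring check the reply above describes, as an added example that is not part of the original post: it aggregates flow summaries from a capture taken on the host itself and from an external tap covering the same window, and reports traffic the host's own view never recorded. The simplified capture format, addresses and sample lines are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample captures in a simplified "src -> dst proto bytes" form.
# In practice these would be exported from a host-side capture and from an
# external tap or span port for the same time window.
HOST_CAPTURE = """\
10.0.0.5:51512 -> 93.184.216.34:443 tcp 1420
10.0.0.5:51513 -> 93.184.216.34:443 tcp 3300
10.0.0.5:5353 -> 224.0.0.251:5353 udp 180
"""

TAP_CAPTURE = """\
10.0.0.5:51512 -> 93.184.216.34:443 tcp 1420
10.0.0.5:51513 -> 93.184.216.34:443 tcp 3300
10.0.0.5:5353 -> 224.0.0.251:5353 udp 180
10.0.0.5:40211 -> 198.51.100.7:8443 tcp 912
10.0.0.5:40211 -> 198.51.100.7:8443 tcp 640
"""

LINE_RE = re.compile(r"^(\S+) -> (\S+) (\w+) (\d+)$")


def parse_flows(capture):
    """Aggregate byte counts per (src, dst, proto) flow key."""
    flows = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or blank lines
        src, dst, proto, nbytes = m.groups()
        flows[(src, dst, proto)] += int(nbytes)
    return flows


def unseen_by_host(host_capture, tap_capture):
    """Return flows the tap saw but the host did not, mapped to the
    byte count the host view is missing (covers flows entirely absent
    from the host and flows where the tap counted more bytes)."""
    host = parse_flows(host_capture)
    tap = parse_flows(tap_capture)
    findings = {}
    for key, tap_bytes in tap.items():
        missing = tap_bytes - host.get(key, 0)
        if missing > 0:
            findings[key] = missing
    return findings
```

Any flow reported here originated below the OS's view of the network stack and warrants investigation of the host's firmware and management components.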