"s a lot better in terms of security with firmware that follows secure coding best practices."
This stinks of the "Security by obscurity" approach.
Intel's IME looked like a direct cut-and-paste of both the hardware and the software.
IMHO this, being (in principle) small but highly critical, should be written with the very sharpest methods for writing provably correct software.
It's not running the core load of the processor. Speed is not that vital, but minimal vulnerability (I think zero vulnerability is impossible, but then again the Shuttle software, about 1MB in size, didn't have one found during live operation over 30+ years) is.
I don't see any chip designer or mfg having the skills or the commitment to do that.