>data lines at memory speeds
You are thinking of attacking the memory bus. That is hard. Easier then to attack the SPI bus - it is slow and a serial bus that requires only a few wires.
>it'd be easier just to screw with firmware like the NSA did with Cisco gear
That assumes the firmware is installed in China and not in the US: Chinese contract manufacturers assemble the electronics but does not necessarily upload software. It is safer to do that back home to avoid more secrets leaking (probably blown anyway but people do hope) and you can claim some work on production is done in the US. So china might not have that possibility.