@Steve McPolin re. IB and RDMA
I do not agree with your comparison between Firewire and Infiniband.
Let me say that I am not an Infiniband programmer, but I do support HPC systems using IB and RDMA. Having said that, I do understand, IMHO, a bit about how RDMA is implemented, at least on the UNIX systems I support.
RDMA is a way for a one-sided communication (amongst other things), that allows a system (A) to perform a memory operation in another system's (B) memory space without the involvement of the second system's OS. But that does not mean that the system B is completely divorced from the transfer process, nor does it mean that A has full, unrestricted access to B's memory.
Before an RDMA operation can be performed in IB on UNIX, system B has to set up a memory region, and also set up an access window to that region to allow system A to use it. System B is then given access to that region without B's involvement, but cannot (as long as there is no flaw in the HW/FW/SW stack) go outside that region.
This means that it is perfectly possible to have the benefits of RDMA without compromising the security of the entire OS, and if a long-term window is set up (say, for an HPC type workload that runs for some time and uses the window for many transfers), the involvement of the OS on B is limited to setting up the window at the beginning, and breaking it down at the end of its use.
Now I do not know whether Thunderbolt has this ability, or if it has, whether it is configured and used in MacOS, but just because RDMA is available does not mean that the system is completely compromised.
From what I read about Firewire (and this is just from the Web), the default was that RDMA was turned on, and was not limited by default. This is really the flaw, and could almost certainly be addressed by careful system administration, but if you don't know what to fix, you won't do it. I have heard other stories from various Web resources that Firewire really did have this flaw, and that it could really be exploited by plugin hardware. Even if the quoted example illustrates flawed system administration, just think how much useful information can be gleaned from direct access to the memory of a system.
Unfortunately, the good ideas of the hardware engineers do not always match with the requirements of real-world environments. But you would have thought that someone in the driver design process would have gone "..Hang on a minute, don't you think that this opens a security hole...", but then I have seen too little joined-up thinking in large organizations recently. Too many people still think that a PC is personal.
I reserve my judgement on Thunderbolt until there is more information.
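
The region-and-window check described in the comment above, as an added example that is not part of the original post and is not the libibverbs API: a simplified C model of the validation applied to each incoming RDMA write against the regions system B has registered. All names (`register_region`, `rdma_write`, the key values, the 4 KiB `host_mem` array standing in for B's memory) are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model for illustration; every name here is hypothetical. */
enum { ACC_REMOTE_READ = 1, ACC_REMOTE_WRITE = 2 };
enum { RDMA_OK = 0, ERR_BAD_KEY = -1, ERR_ACCESS = -2, ERR_BOUNDS = -3 };

struct mem_region {
    uint32_t rkey;    /* key B hands to A when the window is set up */
    uint64_t base;    /* start of the region (offset into host_mem) */
    uint64_t len;     /* size of the region in bytes */
    unsigned access;  /* operations B permits for remote peers */
    int      valid;   /* cleared when B tears the window down */
};

#define HOST_MEM_SIZE 4096
static uint8_t host_mem[HOST_MEM_SIZE];   /* stands in for B's memory */
static struct mem_region regions[4];

/* Done once by B (with OS involvement); returns 0 on success. */
int register_region(int slot, uint32_t rkey, uint64_t base, uint64_t len, unsigned access)
{
    if (slot < 0 || slot >= 4 || len == 0 || base > HOST_MEM_SIZE || len > HOST_MEM_SIZE - base)
        return -1;
    regions[slot] = (struct mem_region){ rkey, base, len, access, 1 };
    return 0;
}

void deregister_region(int slot) { if (slot >= 0 && slot < 4) regions[slot].valid = 0; }

/* Applied to every incoming write, without B's OS: key, permission, bounds. */
int rdma_write(uint32_t rkey, uint64_t addr, const void *src, uint64_t n)
{
    for (int i = 0; i < 4; i++) {
        struct mem_region *mr = &regions[i];
        if (!mr->valid || mr->rkey != rkey) continue;
        if (!(mr->access & ACC_REMOTE_WRITE)) return ERR_ACCESS;
        /* Subtract rather than add, so a huge addr or n cannot wrap around. */
        if (addr < mr->base || addr - mr->base > mr->len || n > mr->len - (addr - mr->base))
            return ERR_BOUNDS;
        memcpy(host_mem + addr, src, n);
        return RDMA_OK;
    }
    return ERR_BAD_KEY;
}

int main(void) {
    register_region(0, 0x1234, 1024, 256, ACC_REMOTE_WRITE);
    return rdma_write(0x1234, 1024, "hi", 2) != RDMA_OK;
}
```
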