Here's the thing. While I agree that in an ideal world where computers are managed by knowledgeable technicians with both the skill and the attitude to "do stuff right", any firmware mods (let alone JTAG access) would be controlled by a hardware jumper, preferably one that is either:
A) Verified to be disconnected before the "special mode" it was needed for can be exited back to "normal mode" BIOS/UEFI)
B) In such a position in the case that the vulnerable system cannot be buttoned up and slid back into the rack.
That just "doesn't scale". When Spectre/Meltdown or similar are discovered and (at least partially) mitigated, the small business with under 10 servers can do the trudge from one to the next with a "crash cart", and probably has one person who, because they need to be a jack-of-all-trades, has all the needed skills. Now consider even a medium-size outfit (like one of my former employers) who has three or four rows of a dozen or more racks with at least a dozen servers per rack. How many crash-carts do they have? How many adequately skilled IT techs can you cram into each aisle, if you even have them?
One might argue that hardware designers should be more about reliability and security than the current mania for speed and cost, or that software developers should dial back the "Ship it and deal with any problems in the next release, or maybe never, Does never work for you?"
That argument is unlikely to get much consideration from folks who need to keep the lights on in the face of financial and schedule demands. In this universe anyway. "Damage to reputation" doesn't seem to actually happen much anymore. Pretty much all the "victim companies" of massive data breaches are still in business, and no corporate officers are in jail.
Everybody wants quality, damn few want to pay for it.