Because there is no evidence of active, widely available, serious exploits (at least without the AMT)? Because Intel supposedly only give the access to ME to NSA? (And if NSA is in your threat model, then you’ve got many more problems…)
I guess it should have a disclaimer, otherwise people might be deceived, thinking that it’s more secure than it actually is.
This might be an interesting read. Currently I don’t understand how to use a vulnerable machine, where any website could read all my passwords in RAM, including my HDD encryption password (if I understand the problem correctly). Never load any JavaScript?
Meanwhile, I guess more attention needs to go to this issue: Port Qubes to ppc64 [3 bitcoin bounty] · Issue #4318 · QubesOS/qubes-issues · GitHub.