I think there’s a slight misunderstanding here. We generally avoid recommending any hardware. However, we do have a hardware certification program, and we do test hardware. On top of that, users contribute their own HCL reports.
So, when you ask, “Why is all the recommended hardware so outdated?” it sounds like you might be thinking that we only want you to use X230s, which is not true at all. We want you to use whichever hardware is best for your situation, whether it’s new or old. The fact that two certified laptops happen to be based on the X230 right now is because those vendors sought certification, and their laptops passed all the certification requirements. In other words, vendors are typically the ones who submit certification requests. The Qubes OS Project generally does not initiate things by trying to get vendors to certify particular models.
Many people are happily using Qubes on newer hardware. Now, as with many Linux distros, hardware that’s at least a few years old often has better compatibility, but sometimes even that isn’t necessary.
TL;DR: I think you might be reading too much into the certified laptops.
Now, let me try to provide brief, direct answers to your specific questions:
Why is such an outdated platform still the center of focus for this distribution?
It’s not. Those just happens to be the ones that were submitted for (and passed) certification.
Why not pick a modern, top of the line laptop, and build in Intel ME neutering along with all the other security and privacy features?
That would be awesome. We hope someone does that and submits it for certification!
Why not optimize modern hardware to its fullest extent, instead of focusing on old hardware?
This is a complex topic. Some people have very specific reasons for wanting an Intel CPU from before a certain “feature” was introduced, for example. Some are more price sensitive. Some are less performance sensitive. It’s conceivable that optimizing modern hardware to its full extent turns out to require the participation of a multi-billion dollar vendor who has no interest in meeting our rigorous certification criteria, since mass market consumers don’t know and don’t care about the security rationale behind those requirements. (But hopefully not.)