I personally don't see many bootloader attacks these days. Consider that SecureBoot only protects from attacks like this; after bootstrapping, it is up to the OS to ensure security. So purely from this, I don't think the tradeoffs are worth it. Once you have infrastructure like this, it isn't hard for it to be misused (even with good intentions).