That's a lot of computers worldwide.
Remote access to DMA capability is just batshit insanity.
It's still an OS, it's just not on the hard drive.
The real issue is that we don't have the source code for it and only the OEM can patch security vulnerabilities -- or not.
The AMT can't be completely disabled, so people might not have to explicitly enable it to be vulnerable to AMT exploits.
> It's not like every Intel system is silently waiting for an exploit payload.
It's not like it's Intel makes it easy to navigate their CPU and motherboards feature set. Manufacturers are also known to do a bad job on their BIOS/EFI. And given that the computers most likely to be vulnerable are those most likely to be used by businesses and professionals, the damage potential is pretty staggering. But yeah, netbooks are probably safe.
There's a reason you want to keep the amount of softwares installed on a critical system, other than performance.