You are presuming physical access to the box in order to make the change in the firmware. If they have physical access, secure boot is meaningless. Secure Boot is to make it impossible for software to manipulate the boot process and install malware.
The point of UEFI is to prevent an attacker from getting at your bootloader by preventing you from getting at the bootloader. If I wanted to create my own bootloader, I would not be able to. This is the same argument for the iOS App Store model to prevent malware. Make sure that only a select few gatekeepers have the keys to the kingdom.
