
I'm not saying political forces won't try legislating the problem away, but that won't even help here.

A supply chain attack can happen in hardware or software. Hardware has firmware, which is software.

What makes this XZ attack so scary is that it was directly from a "trusted" source. A similar attack could come from any trusted source.

At least with software it is much easier to patch.



Like you said, it has firmware, which is flashable. Secure enclaves are never 100% secure, but if only, for example, Apple can upload to them, it dramatically reduces the risk of some random open source project being git pulled in. Apple may still pull in open source, but they would be on the hook to avoid this.

Open source's days of declaring “use at your risk” have become a liability in this hyper-networked society. It’s now becoming part of the problem it was imagined up to solve.



