Secure Boot: this is not the protection we are looking for
So there you have it: recommending idly Secure Boot for all systems requiring intermediate security level accomplishes nothing, except maybe giving more work to system administrators that are recompiling their kernel, while offering exactly no measurable security against many threats if UEFI Administrative password and MOK Manager passwords are not set. This is especially true for laptop systems where physical access cannot be prevented for obvious reasons. For servers in colocation, the risk of physical access is not null. And finally for many servers, the risk of a rogue employee somewhere in the supply chain, or the maintenance chain cannot be easily ruled out.
The author makes a compelling case, but my knowledge on this topic is too limited to confidently present this article as a good one. I'll leave it to those among us with more experience on this subject to shoot holes in the article, or to affirm it.