"There may also be resistance from users who see a switch saying "turn off security" and don't want to flip it."
Well, from my experience, the situation is probably quite the opposite. Users anticipate any "security" feature to be an inconvenience for them and may well be willing to act to deactivate it at first confirmation of such inconvenience.
And well, when you think about it, maybe they are not so wrong about the overall situation. When you look at them in more detail, most recent security mechanisms do not adress final customers needs. They have been made to protect network operators, commercial software vendors, gaming companies, content distributors, etc. Being technically savy on computer security  may prevent us from asking us the right question about this secure boot security mechanism: should we accept it or reject it (you know, like that patch for the kernel)?
With restect to these recent evolution, it seems to me I'd like to have a different mechanism on my computers. IMHO, if I take this one, I will not have any other in the near future so; maybe I'll go in the users camp in fact and turn off that switch initially at least to show my desaprobation.
Anyway, this is just a mechanism; maybe it does not even fit my security needs... but that is another and more important question.