One thing it is useful for, as I understand it, is as a UEFI developer environment.
Also, we have 2 siutations:
The BIOS/firmware checks the OS-kernel, bootloader and driver at boot to see if they have not been tempered with.
The hypervisor or similair software running the VM checks the OS-kernel, bootloader and drivers of the VM at startup of the VM to see if they have not been tempered with.
How would it be less secure ?
I'm not aware of the OS (running on the bare metal or in the VM) checking the firmware and bootloader too. If that was true, then yes the VM could probably be fooled.
If there was some mechanism for the VM to check it's environment. You could obviously sign the firmware/BIOS, OS-kernel, bootloader, drivers and the hypervisor and the OS-kernel, drivers and bootloader of the VM too.
In that case I wouldn't be surprised if some vendor would eventually do it, maybe even with TPM-support who knows.