"On the other hand, not being able to boot Linux on x86 hardware because of key blacklisting would be problematic too."
As I understand it, all UEFI systems must have the ability to disable secure boot enforcement in order to get Microsoft certification. Is this correct? I've read the arguments about how hardware manufacturers will screw this up and I even agree that this is likely to happen with some systems at some point. And maybe this line was intended as shorthand for that possibility. However, (as written), I think that line smells an awful lot like FUD (fear, uncertainty, doubt).