I understand that, but it does require that it supports secure booting. And given that the OEMs only ship with Windows installed, this option will be enabled by default. I can certainly see how some OEMs might not be too worried about not including a feature to disable secure booting - which sales exactly are they going to limit? They're selling Windows machines to Windows users, chances are none of their customers will even notice the difference.
An OEM would have to spend extra time to go out of their way to disable the options to enable/disable secure boot considering that they have to include that option for customers that won't be running win 8 anyway. Most OEMs don't write their firmware, they license it, why pay extra to disable a feature they know people will complain about if it's missing? The last thing a company needs is a slew of bad product reviews and pissed off geeks steering potential customers towards competitors products.
You're going to need the ability to configure secure boot and TPM to be able to properly setup a device for corporate IT environments. Laptops, netbooks, tablets, all that mess is used in corporate settings. Limiting configurability would just hurt sales.