Big datacenters have large and talented engineering staff and routinely customize their machines and firmware heavily. Consumers aren't going to do it, that's true (and relevant to the article: all the Ice Lake parts mentioned are consumer chips). But on a per-revenue basis, most of the market is amenable to this kind of thing.
To be fair though, those chips are a comparatively small part of the datacenter market. Most of them are sitting in IT closets, or per the example above are running HPC workloads on bare metal. Cloud services are the sexy poster child for the segment, but not that large in total.
The trouble is gamers are susceptible to it. They're running running all kinds of untrusted code (javascript, custom game levels created by other users) as well as receiving untrusted game data from other users in multiplayer games which commonly then goes through a data parser optimized for performance over security.
While perhaps true in theory, has there ever been a known case where game DATA from a multiplayer game was able to exploit a remote system and say obtain root access?
Stuff like rowhammer is very different vs something like a SQL injection on a website.
Plenty of gamers download mods that straight up execute code on their machines. They also download game tools that are just code.
They also run games that are just not secure. I know one that was storing user credentials in plain text in the registry (where no special permissions are needed to access it)
