"You need to be able to increase the costs of getting caught" -- Edward Snowden

Deliberately inserted malware, laying in plain sight in source code, is an existential risk for a company with a reputation like IBM's. Of course, there isn't a 100% guarantee of it being noticed, but a 1% chance of that happening is enough for them to tell the spooks to fuck off.

Special Access Programs only work because God-mode coprocessors like the Intel ME ensure zero risk of blowback for the manufacturer. Force them to have skin in the game and they aren't pushovers anymore.