Coreboot disables most of Intel ME on x86 except the parts required for essential functions. It certainty cripples external access to Intel ME.
I believe it is a fair assumption that for embedded architectures like ARM and RISC-V, a FOSS bootloader will likely deal with state-sponsored backdoors if they haven’t been infiltrated themselves. This does not take into account baseband attack vectors because I simply don’t know much about wireless, but I’d imagine someone working on these projects likely has their eye on the funny stuff the NSA is likely to try here. RISC-V is FOSS, the NSA cannot legally require anybody to include a backdoor into the architecture itself.