
Even if hardware is not open, hardware can be isolated. Then provided you are in control of the communication between the isolated hardware, you can be more certain that you are in control. Security through isolation doesn't require perfect security of the closed components. The problem with the management engine is that it can't be isolated.



As the trend is to integrate more and more IPs into System-on-Chips, hardware isolation is not really a given nowadays. You still have external memory, I suppose, but you can do a lot just messing with the caches and the rest of the pipeline, especially when we have more "high level" instruction sets dealing with AES and other crypto algorithms natively.

Also, I don't really see how having access to the PSP source code would factor into that. As long as you can't prove that the management engine is really running that code unmodified and there's no hardware backdoor to change its behaviour, it won't really get you anywhere.


Obviously, if the hardware is all integrated together, then you can't do isolation as I described. However, in your parent comment you used the example of a GPU, which is something that can be isolated perfectly fine, and provided you can write an open-source driver and can bitsniff all the data coming in and out of your untrusted GPU, then you can be reasonably sure it is not, for instance, sending your screen data to your network controller.



