The ME is partly responsible for powering up the main CPU. That kind of thing wouldn't be possible without a reimplementation of the ME from the start.
Which, it should be noted, is impossible due to Intel's hardware-enforced signature checks.
Even if a key were to be stolen from Intel it would then be illegal to use in all Western nations. The ME is off limits to everyone other than Intel and its partners, enforced by both the hardware signatures and some of the most heavily enforced (in terms of consequences) legislation on the face of the planet.
Of course that won't stop malware authors, who couldn't care less about replacing the ME firmware to make it secure, but do care very much about the fact that they can hack into the stock, signed Intel ME firmware, then install their malware in a nearly impossible to detect position.