Board Hardware wallets
Merits 1 from 1 user
Re: It is NOT secure to use hardware wallets (and it never was)
by
Carlton Banks
on 30/03/2018, 11:02:22 UTC
⭐ Merited by AGD (1)
There's more to a computer than just the OS. A lot of firmware such as processor microcode are closed source. So it doesn't matter whether the OS you use is open source; if the firmware for your hardware and the hardware itself is closed source, then you are at risk of that closed source being malicious or containing something that can be exploited. One example of this is the Intel Management Engine which could allow someone to remotely access and control your computer and there's no way to disable it because it is baked into the hardware and firmware, both of which are also closed source.

Right, although the "someone" who has unfettered access to a computer with Intel ME is Intel themselves (and anyone else holding the code signing key for executing code on the ME processor). I think exploits were discovered last year where an attacker circumvented the use of the Intel code signing key, but I forget the specifics.


tl;dr: Intel owns your computer. Stop using Intel (AMD won't help you, they have a similar tech on newer CPUs too).


As for Intel's ME, there are solutions to neutralize or disable it; people even suggest not to use Intel processors made since 2008 and AMDs since 2013.

There's a lot of skepticism about whether ME cleaning/disabling is of any real benefit. It's better than nothing, but the ME and its firmware either still partly exists after cleaning (only something like 95% of the ME firmware can be flashed, otherwise the CPU refuses to initialise hardware components so the BIOS can load), or still exists completely after disabling (disabling is a feature that Intel designed; we're essentially trusting that the feature does what Intel claims it does).

Intel defined several negative numbered control rings for the ME to use. This means that the ME can function like a rootkit that forms an intentional part of an x86 computer's design. It cannot be removed completely, and so all Intel machines should be considered compromised hardware. The ME could lie to you about anything your machine is really doing, and surveil what happens on your machine. So the Intel ME could be used to steal all Bitcoins from every machine with an Intel ME; one can only speculate that Intel must have those ME code signing keys under very limited access and very close supervision within the company.

Ironically (considering the title of this thread), hardware wallets mitigate this attack vector, as Bitcoin private keys on a hardware wallet shouldn't be accessible to the ME if a hardware wallet is secure enough. But don't let that comfort you too much. I reiterate: Intel are behaving in bad faith with their ME tech, please stop using Intel CPUs.


tl;dr: This should be (and may eventually become) a far more controversial scandal than Facebook selling user data to 3rd parties; Intel can collect ALL data from your machine, not just some of it. And Intel can lie to you about what your computer is really doing.