not sure I would entirely trust IPMI to be left switched on if I was running a server.
Many of them can never be effectively disabled regardless of what settings you choose.
Still okay as long as you keep them on a separate, internal network with no attackers on it though. You're already screwed if attackers have physical access.