by progval 2243 days ago
Nitpick: Remote code execution is breaking a TLS implementation (e.g. OpenSSL), not breaking TLS itself.

> so I'm assuming the difference here is that it's the CPU management chip instead of your browser?

Yes.

If a vulnerability is found in an SSL/TLS implementation, it can be fixed with a software update.

I don't know how Intel ME works, but I'm guessing it is harder to update than a browser.

> For that matter, do you trust SSL/TLS significantly less than SSH?

I'm not the GP, but I'm guessing they do. TLS solves a more complex problem than SSH, as SSH assumes the user validates a server's public key manually (even though they usually don't, but TOFU [1] makes it somewhat harder to exploit), whereas a TLS server's key can change at any time.

[1] https://en.wikipedia.org/wiki/Trust_on_first_use
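
The TOFU behaviour mentioned in the comment above, as an added example that is not part of the original post: a small pin store in Python that records a host key fingerprint on first contact and flags any later change. The `TofuStore` class, the host name and the key blobs are constructed for illustration; the fingerprint format follows OpenSSH's `SHA256:` style.

```python
import base64
import hashlib
import hmac


def fingerprint(key_blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the raw key blob, base64 without padding."""
    raw = base64.b64decode(key_blob_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class TofuStore:
    """Hypothetical in-memory stand-in for a known_hosts file."""

    def __init__(self):
        self.pins = {}  # host -> pinned fingerprint

    def check(self, host: str, key_blob_b64: str) -> str:
        fp = fingerprint(key_blob_b64)
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so the key is
            # pinned unverified. The caller should confirm the fingerprint
            # out of band before trusting this result.
            self.pins[host] = fp
            return "first-use"
        if hmac.compare_digest(pinned, fp):
            return "match"
        # Key changed after pinning: never overwrite the pin silently.
        return "mismatch"


# Constructed sample key blobs (arbitrary bytes, not real host keys).
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()

if __name__ == "__main__":
    store = TofuStore()
    for key in (KEY_A, KEY_A, KEY_B):
        print("host.example", fingerprint(key), store.check("host.example", key))
```
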