If the new Pixel goes the way most Intel-based chromebooks have, then it should be possible to have a completely generic Linux / non-Crouton device. I believe support for unlocked SeaBIOS is the feature you're looking for.
I read somewhere, however, that without a hardware developer-mode switch, running out of juice can cause the device to revert from developer-mode and wipe your non-chromeos environment. Check the recent Hacker News thread on the new Pixel for more details.
The biggest problem with superfish was not the surveillance itself but instead that it broke SSL and thus exposed all "infected" systems to a plethora of attacks. Because Google controls both the operating system and the browser, installing a malicious certificate would not be necessary to achieve similar levels of surveillance.
It is, with Crouton. https://github.com/dnschneid/crouton
Or to be more precise, run the two concurrently.