BIOS and UEFI have higher privilege in the system than the OS kernel,
which has higher privilege than userland processes, which have higher
privilege than the user.
Any component with higher privilege can override, circumvent or
contradict parts of the system and users with lower privilege levels.
BIOS is x86-specific.
UEFI is arguably not technically superior to BIOS.
UEFI has sadly infected other platforms than x86.
Interrupt services were introduced with the BIOS, and will continue
to always be available on x86 platforms, for compatibility.
Compatibility is the only actual value of x86.
UEFI on x86 does not neccessarily have to, but in practice generally
does include a CSM, which provides BIOS-compatible interrupt services
also on systems with UEFI.
Regardless of whether that's a 32 or 64 bit UEFI, the CSM always
provides the legacy 16 bit interface.
Vincenzo, if you are creating a secure system, you must first establish
what is secure *enough* for your use case. Risk assessment and a threat
model are essential, or you will never reach a working reliable system,
because they define your goal.
Security issues can exist pretty much everywhere, so an "ideal" secure
system is not very practical.