Well in this case it's not really getting worse. The hardware you bought is already backdoored/locked down. It's like closing the stable door after the horse ran away.

So two (or twenty) vulnerabilities in your software isn't worse than one?

That's not a good comparison because there are multiple bad guys wanting to hack into your computer, and more vulnerabilities mean higher chance that at least one succeeds. For this, we can assume that OEMs/microsoft is on the same side, so the better analogy would be: having 20 NSA root CAs installed on my system isn't worse than only one, at least if my threat model is "NSA hacking my communications".