I am all for doing silly security things (like upnp and exposing services outside my network i shouldn’t)
But shipping a device with network boot enabled by default doesn’t seem the way to go (yes i know it only matters if you have a dock / usb network device AND the BIOS isn’t password protected, etc etc).
You can disable it in the BIOS if you feel the same way.
What is network boot?
When you boot an OS across the network https://www.howtogeek.com/57601/what-is-network-booting-pxe-and-how-can-you-use-it/