Helpful context from my friend who works in cybersecurity, when I asked him "Does this look worse than it actually is, or is it as bad as it sounds?":
"Hmm, my initial read is it sounds worse than it actually is. The initial requirement is for malicious software running on the system, and if that's the case there are likely easier ways to get something like a set of wallet keys if someone is storing their wallet on disk (grab the file, or if it's password protected, use a keylogger to grab the password the next time the user enters it in). With it being a side-channel attack, I'd be surprised if it was easy to exploit in anything other than a highly targeted way, as those typically depend on a lot of very specific conditions to actually work. My thoughts are, if someone has malware running on my system (even only as my user context), this is way down my list of things I'm worried about. It's probably more useful in a scenario like a shared hosting environment to capture data from other users, but I'm guessing there aren't many mainstream services that use Apple chips under the covers."