Nerdpedes,
have a look at
https://security.stackexchange.com/questions/64915/what-are-the-biggest-security-concerns-on-pxe
Best of:
I can capture a full machine image. Do your systems automatically connect to the domain controller after setting up the machine? If so, this image probably has domain controller credentials on it, that I can capture and use elsewhere.
Computer makes a DHCP request --> DHCP server responds with address and PXE parameters --> Computer downloads boot image using TFTP over UDP
If the good guys got the traffic on that low level, unencrypted. Then they would have it all.
Just pointing out that you can run bad software on a legit, signed kernel
The old diebold machines would run anything with the right file name on an sd card. No checks what so ever.