Intel Thunderbolt Is Still A Pain For Linux Developers, Users

#11
Originally posted by rdnetto:
    This check could be implemented in the DMA controller to avoid any overhead, with the kernel authorising new devices. Each device would need a unique ID to prevent malicious devices from cloning known good IDs, but that shouldn't be too hard to implement given that we already have similar systems for MAC addresses and USB.

That already exists, it is called IOMMU. Unfortunately, IOMMUs do not always work as advertised.

The problem of connecting malicious FireWire or Thunderbolt devices is also worked around by accepting newly connected devices only while the desktop screen is not locked.


#12
Originally posted by chithanh:
    That already exists, it is called IOMMU. Unfortunately, IOMMUs do not always work as advertised.

    The problem of connecting malicious FireWire or Thunderbolt devices is also worked around by accepting newly connected devices only while the desktop screen is not locked.

That makes the large and rather false assumption that all user-purchased hardware isn't malicious. There have been plenty of cases where employees have infected the hardware itself, or even the device drivers, for devices shipped out to consumers. It's not just a matter of a malicious agent running around with a rogue flash drive.


#13
Of course any user-owned device can be malicious. User-owned USB flash memory can contain malware. A user-owned hard disk can do evil things like TOCTTOU attacks. A user-owned PCI network card can try to take over the PC, etc.

The protection of the lock-screen FireWire/Thunderbolt disable or IOMMU is only against an attacker walking up to a FireWire/Thunderbolt-equipped PC and gaining access using a DMA-based attack. You cannot in principle guard against the user connecting malicious devices to his computer while assuming that they are safe. I recommend watching Peter Stuge's (of CoreBoot fame) talk at 30C3 titled "Hardening hardware and choosing a #goodBIOS".
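The admission policy the thread circles around, an allowlist of device unique IDs as rdnetto proposed, the "accept new devices only while the screen is unlocked" workaround, and the IOMMU as the backstop for devices nobody has vouched for, written out as an added Python example. This is illustration code, not code from Phoronix, the Linux kernel or any poster. The sysfs attribute names it reads (`unique_id`, `authorized`, `vendor_name`, `device_name` under `/sys/bus/thunderbolt/devices`, and the group directories under `/sys/kernel/iommu_groups`) are the ones the Linux thunderbolt driver and IOMMU core export; everything else (the `Decision`, `HostState` and `NewDevice` names, the `screen_locked` input, the device IDs and the sysfs tree that `demo()` reads) is an assumption or constructed sample data, and the demo builds that tree in a temporary directory so it runs offline.

```python
import tempfile
from dataclasses import dataclass
from enum import Enum
from pathlib import Path


class Decision(Enum):
    AUTHORIZE = "authorize"  # would write "1" to the device's 'authorized' attribute
    DEFER = "defer"          # leave unauthorized; re-evaluate once the user unlocks
    REJECT = "reject"        # leave unauthorized; unknown device and no IOMMU present


@dataclass(frozen=True)
class NewDevice:
    unique_id: str      # contents of .../thunderbolt/devices/<dev>/unique_id
    vendor_name: str
    device_name: str


@dataclass(frozen=True)
class HostState:
    iommu_active: bool   # True when /sys/kernel/iommu_groups/ holds at least one group
    screen_locked: bool  # assumed to come from the session lock, not from sysfs


def admit(device: NewDevice, host: HostState, known_good: frozenset) -> Decision:
    """Combine the thread's two ideas: an allowlist of device IDs, and accepting
    unknown devices only while the session is unlocked, with the IOMMU as the
    backstop for any device that is not on the allowlist."""
    trusted = device.unique_id in known_good
    if host.screen_locked and not trusted:
        return Decision.DEFER    # nobody is present to vouch for it
    if not host.iommu_active and not trusted:
        return Decision.REJECT   # unrestricted DMA from an unknown device
    return Decision.AUTHORIZE


def iommu_active(root: Path) -> bool:
    groups = root / "sys/kernel/iommu_groups"
    return groups.is_dir() and any(groups.iterdir())


def scan_thunderbolt(root: Path) -> list:
    """Collect the not-yet-authorized devices from a sysfs tree rooted at `root`."""
    found = []
    base = root / "sys/bus/thunderbolt/devices"
    if not base.is_dir():
        return found
    for entry in sorted(base.iterdir()):
        uid, auth = entry / "unique_id", entry / "authorized"
        if not (uid.is_file() and auth.is_file()):
            continue             # domain/host-router entries without these attributes
        if auth.read_text().strip() != "0":
            continue             # already authorized or handled earlier
        found.append(NewDevice(
            unique_id=uid.read_text().strip(),
            vendor_name=(entry / "vendor_name").read_text().strip(),
            device_name=(entry / "device_name").read_text().strip()))
    return found


def evaluate(root: Path, screen_locked: bool, known_good: frozenset) -> dict:
    """Return {unique_id: Decision} for every pending device under `root`."""
    host = HostState(iommu_active=iommu_active(root), screen_locked=screen_locked)
    return {d.unique_id: admit(d, host, known_good) for d in scan_thunderbolt(root)}


# Constructed sample data standing in for a real host (IDs are made up).
CONSTRUCTED_DEVICES = {
    "0-1": {"unique_id": "11111111-2222-3333-4444-555555555555",
            "vendor_name": "ExampleCorp", "device_name": "Dock", "authorized": "0"},
    "0-3": {"unique_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
            "vendor_name": "Unknown", "device_name": "Adapter", "authorized": "0"},
}
KNOWN_GOOD = frozenset({"11111111-2222-3333-4444-555555555555"})


def build_constructed_sysfs(root: Path, with_iommu: bool = True) -> Path:
    """Write the constructed devices as a fake sysfs tree below `root`."""
    base = root / "sys/bus/thunderbolt/devices"
    for name, attrs in CONSTRUCTED_DEVICES.items():
        (base / name).mkdir(parents=True)
        for attr, value in attrs.items():
            (base / name / attr).write_text(value + "\n")
    (root / "sys/kernel/iommu_groups").mkdir(parents=True)
    if with_iommu:
        (root / "sys/kernel/iommu_groups/0").mkdir()
    return root


def demo(screen_locked: bool, with_iommu: bool = True) -> dict:
    """Run the policy against the constructed tree in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_constructed_sysfs(Path(tmp), with_iommu)
        return evaluate(root, screen_locked, KNOWN_GOOD)


if __name__ == "__main__":
    for locked in (True, False):
        print(f"screen_locked={locked}:", demo(locked))
```

Note the gap the thread itself points out: with the screen locked and no IOMMU, a device whose `unique_id` is on the allowlist is still authorized, so the policy is only as strong as the ID it trusts, which is exactly the cloning concern in rdnetto's post. Treating the IOMMU as a hard requirement rather than a backstop would close that, at the cost of refusing every device on hosts where the IOMMU is absent or disabled.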


#14
Originally posted by chithanh:
    Of course any user owned device can be malicious. User owned USB flash memory can contain malware. User owned hard disk can do evil things like TOCTTOU attacks. User owned PCI network card can try to take over the PC etc.

    The protection of the lock screen FireWire/Thunderbolt disable or IOMMU is only against an attacker walking up to a FireWire/Thunderbolt equipped PC and gaining access using a DMA based attack. You cannot in principle guard against the user connecting malicious devices to his computer while assuming that they are safe. I recommend watching Peter Stuge's (of CoreBoot fame) talk at 30C3 titled "Hardening hardware and choosing a #goodBIOS".

Right, exactly. My argument isn't that USB is immune to malicious hardware, but that the barrier to entry for a malicious device screwing over a computer is higher because the attack surface is smaller.

One other thing to keep in mind is that there are really only two kinds of devices that demand significant throughput, and those are storage devices and displays (ignoring networking, as that is outside the scope of USB and Thunderbolt at this point in time). Everything else, including audio, fits comfortably inside what USB 2.0 was capable of doing, and even in terms of storage, consumer-grade HDDs really can't saturate a USB 3.0 line. SSDs can, but that requires a certain grade of SSD, and most people aren't going to be running them externally anyway; they'll be using flash drives, which means a significant performance penalty (my Mushkin flash drive only runs at ~125MB/sec read, which is ~1/5 of the theoretical max throughput of USB 3.0), meaning they have no benefit from Thunderbolt.


#15
Originally posted by Luke_Wolf:
    Right exactly, my argument isn't that USB is immune to malicious hardware but that the barrier to entry for a malicious device screwing over a computer is higher because the attack surface is smaller.

    One other thing to keep in mind is that there are really only two kinds of devices that demand significant throughput, and those are storage devices and displays, (ignoring networking as that is outside the scope of USB and Thunderbolt at this point in time), everything else including audio fits comfortably inside of what USB 2.0 was capable of doing, and even in terms of storage consumer grade HDDs really can't saturate a USB 3.0 line. SSDs can but that requires a certain grade of SSD and most people aren't going to be running them externally anyway, they'll be using flashdrives which means a significant performance penalty (my Mushkin flashdrive only runs at ~125MB/sec read which is ~ 1/5 of the theoretical max throughput of USB 3.0) meaning they have no benefit from thunderbolt.

Admittedly the speed with the Mushkin could very well just be a bottleneck of the drive it's copying from/to, which is a further issue with focusing purely on how much you can theoretically shove through the pipe, as opposed to the system at large.


#16
I'm never a big fan of these universal connections. They may be jacks of all trades, but they are masters of none. USB2 was fine at the time, but right now it's a major pain due to its limitations. The same will happen with Thunderbolt, whether or not it takes off. With different cables, you can improve specific connectivity: replace DVI with DisplayPort, audio jacks with S/PDIF, USB2 with eSATA or USB3. With Thunderbolt it wouldn't be possible to update just one of them; you'd have to update them all. And there will always be more efficient connectors for specific tasks.

So sure, it saves cables (sometimes; I have a dedicated sound card, so for me it would not save any cables at all), but I'd rather see diversity (but standardised) here.


#17
Originally posted by GreatEmerald:
    I'm never a big fan of these universal connections. They may be jacks of all trades, but they are masters of none. USB2 was fine at the time, but right now it's a major pain due to its limitations. Same will happen with Thunderbolt, whether or not it takes off. With different cables, you can improve specific connectivity: replace DVI with DisplayPort, audio jacks with S/PDIF, USB2 with eSATA or USB3. With Thunderbolt it wouldn't be possible to update just one of them, you'd have to update them all. And there will always be more efficient connectors for specific tasks.

    So sure, it saves cables (sometimes; I have a dedicated sound card, so for me it would not save any cables at all), but I'd rather see diversity (but standardised) here.

It saves cables and connectors. For lightweight laptops, having only one Thunderbolt port from which you can daisy-chain two monitors is better than having 2 HDMI + 1 DisplayPort + 1 eSATA + 2 additional USB for keyboard and mouse while on the desk, etc.
Of course, if it is used to remove all USB ports + the audio jack, it's a bad move (I'm undecided on Ethernet). But on portable devices it can really help.


#18
Originally posted by erendorn:
    It saves cables and connectors. For lightweight laptops, having only one thunderbolt port from where you can daisy chain two monitors is better than having 2 hdmi + 1 display port + 1 esata + 2 additional USB for keyboard and mouse while on desk, etc...
    Of course, if it is used to remove all USB ports + audio jack, it's a bad move (I'm undecided on ethernet). But on portable devices it can really help.

Hence why in the quoted post you can see "So sure, it saves cables".


#19
Originally posted by GreatEmerald:
    With Thunderbolt it wouldn't be possible to update just one of them, you'd have to update them all. And there will always be more efficient connectors for specific tasks.

I assure you, this is not a problem for someone that buys a new Mac every 3-5 years. Can you run us through a scenario in the white-box world where you believe this would be an issue?