It seems that GRUB2 has some buffer overflow problems that could lead to code injection. Secure Boot depends on the core loaders being carefully coded.
The code maintainers have already fixed it, but the reminder about over-reliance on code being secure cannot be ignored.
The C++ Standard Template Library (STL) has a lot of safety designed into it, and range checking is one example. The STL has many standard containers, such as arrays and queues, built in. Older code may need to be rewritten to be more secure.
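As an added illustration (not GRUB2 code and not from the original post), the sketch below shows what STL range checking looks like in practice: `std::array::at()` throws on an out-of-range index, whereas `operator[]` performs no check. The names `TokenBuffer`, `copy_token` and `kTokenCap` are hypothetical.

```cpp
#include <array>
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical fixed-capacity token buffer for a config-file lexer.
constexpr std::size_t kTokenCap = 16;

struct TokenBuffer {
    std::array<char, kTokenCap> data{};
    std::size_t len = 0;

    // at() range-checks the index and throws std::out_of_range;
    // operator[] would not check and could write past the array.
    void push(char c) {
        data.at(len) = c;
        ++len;
    }
    std::string str() const { return std::string(data.data(), len); }
};

enum class CopyResult { Ok, Rejected };

// Copy one token. Oversize input is rejected and `out` is left unchanged.
CopyResult copy_token(const std::string& input, TokenBuffer& out) {
    TokenBuffer tmp;
    try {
        for (char c : input) tmp.push(c);
    } catch (const std::out_of_range&) {
        return CopyResult::Rejected;
    }
    out = tmp;
    return CopyResult::Ok;
}

int main() {
    TokenBuffer buf;
    // Constructed sample inputs: one that fits, one that is too long.
    for (const std::string& s : {std::string("menuentry"), std::string(40, 'A')}) {
        bool ok = copy_token(s, buf) == CopyResult::Ok;
        std::cout << s.size() << " bytes: " << (ok ? "stored" : "rejected") << "\n";
    }
    return 0;
}
```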
The small BIOS chip limits how many operating system certificates the UEFI can store. While Windows is the most widely used operating system, many people use Linux for a range of purposes. GRUB2 is the most widely used loader for Linux.
The EFI System Partition can handle several operating systems. Windows, OS X and Linux interoperate, but BSD is still tied to a FAT partition.
It is vital that all operating system updates are installed. Any BIOS updates should be installed as well.