1. Incompetence - The engineers try to get it right, but fail due to skill, budget or time constraints.
2. Malice - This allows bad actors to compromise the PSP for evil
3. Benevolence - This allows hardware owners to alter the PSP for their own protection.
I think the smart money is on #1, but they're all interesting to think about.
AMD states that the PSP is "ARM TrustZone ... Industry standard" https://www.amd.com/en/technologies/security