I don't think a 5 year old project linked without context is appropriate when talking about modern boot chain security.

It doesn't even support stubs so it fails at the first threat scenario described in this post.

I disagree. UEFI boot security is not that recent, and it hasn't changed so much as to render earliest approaches less secure.

It is less secure. The initramfs is not signed, along with the microcode.