It's definitely warranted as a random person.

See https://security.stackexchange.com/questions/262444/should-i-worry-about-compromised-firmware-when-reinstalling-an-os from an admin point of view and also https://www.binarydefense.com/resources/blog/running-malware-below-the-os-the-state-of-uefi-firmware-exploitation/ for a technical discussion on how such compromises work and can survive even a new OS reinstall.

Also note that things like your mac address could be leaked out and collected (as per https://theprepared.com/forum/thread/turn-off-your-wifi-when-you-dont-need-it-and-other-tips-on-how-to-prevent-hacking-and-tracking/ ) though Apple specifically has a private mac address spoofing feature to combat this. A lot of this collection is automated, as to cast as wide a net a possible.