Monday, 2 February 2015

How to minimize the risk posed by Intel AMT/ME's "ring -3 exploits"?



This question, about how to minimize the risk posed by Intel AMT/ME's ring -3 exploits, is aimed at general advice and strategies that are commonly applied. To allow for more concrete advice, I also want to lay out the special case I seek this advice for.


I often park my encrypted Intel iCore5 mobile device in S3 hibernation mode while the laptop is plugged into the power mains. I run GNU/Linux, and I do not use a wired network but wireless LAN. The memory itself is not encrypted (e.g. a system working on the http://ift.tt/164HGNg concept). According to my understanding of this article about Intel's AMT/ME vulnerability, a risk can be assumed from the mere fact that a second processor, i.e. the AMT/ME's one, is able to run during S3 hibernation and use network communication. To clarify the space for suggested improvements and risk/exposure reduction strategies, I want to be clear that I do not in any way appreciate or need that AMT/ME stuff, and I can think that one way would be to disable it. Additionally, I wonder whether using Coreboot would allow reducing this risk further, and why?


Also, I was thinking about making a hardware switch on the antenna of the Wi-Fi so as to be able to shut it off with the system, yet even the idea of being vulnerable to OOB by Intel's AMT/ME "feature" while the machine is up and running is not a happy thought.




