I am still pretty bewildered at this.

+       NULL, "acpi", DV_DULL, CD_SEVVM

So you will trust acpi, all the AML tables, and you trust our AML parsing
and interpretation code in sys/dev/acpi to do the right thing.  (That is
really dubious)

You also trust pci and ppb.

But if some pci device gets attached on the bus, you are way more
worried about the match and attach code in it's driver...?  Most are
not going to be used except after ifconfig, or disklabel/mount.

Maybe this is about non-pci devices?

Can you explain what driver-code you scared of?  Some examples would help.