"allow manipulating the BIOS configuration ... under /sys/devices/platform/dell-wmi-sysman/attributes/"

Nice.

Actually `/sys/class/firmware-attributes/dell-wmi-sysman`.

If Dell allows the user/admin to change BIOS settings from userspace, are they effectively enabling attackers to do the same thing?

That ship already sailed long ago. Much of UEFI can be accessed from "user space" and has been for years. Note of nomenclature, as far as the initialization firmware is concerned, everything above the firmware layer is "user space", OS kernel, drivers, web browsers. I'd say "you can blame Intel for it" but the fact of the matter is that the PC BIOS has been accessible from the software stack level for years before UEFI at various levels. Intel just made it official with UEFI and defined interfaces.

Not just the main board's firmware is accessible this way. Root kits have been installing themselves in any peripheral that has the ability to write to the board firmware: NICs, mice, keyboards, etc.

There is a concept called a BIOS admin password that you can enable (including via this interface). When a BIOS admin password is set it is required to change settings.

​​​​

Also I would note there are certain settings that can not be changed using this interface as you need to prove physical presence to change them. Settings such as UEFI secure boot and TPM disable.