I don’t know that that is true.
I mean, up to a point. If it’s a dedicated cryptographic processor implemented by Intel, then in theory it may have a backdoor that allows keys to be exfiltrated to Intel. But if you don’t trust this CPU, you probably don’t have any reason to trust the homunculus CPU (IME) or the main CPUs (x86), all implemented by Intel, and Intel may find that compromising those other CPUs is more productive.
To analyse in more detail would require knowing the precise nature of Intel’s implementation of TPM, which may differ from one platform to another (although I suppose we can take your enquiry as applying specifically and only to the Librem 14, its CPU and its chipset).
Exfiltration from the TPM implementation could be difficult, depending on the specific hardware interface to the TPM implementation.
That is intentional. The keys are intentionally hard for anyone to get at: the owner of the device, the stealer of the device (or even the manufacturer of the device).
The private key(s) may be “write-only”. That would need checking, e.g. can the owner of the device generate a new storage root key and write it to the TPM? But I guess, in the worst case, it could be opaque to the owner if the TPM just threw away the new key and continued to use an existing key.
There is an Endorsement Key (EK) in the TPM that allows the TPM to prove its authenticity, and that does involve a private key that Intel knows and that you intentionally don’t know (and presumably can’t change). It is my assumption that the EK is not used in any other cryptographic operations.
Since TPM is just an interface specification, a secure platform is free to ignore the Intel-supplied TPM implementation and use a separate TPM somewhere on the platform. Whether PureBoot can use that, I don’t know.
I don’t know whether the following is helpful to clarify how things work: How PureBoot uses the TPM for trusted "boot measurements"
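As an added example, separate from the post above and not code from PureBoot, Purism or any TPM vendor, the following is a software model of the boot-measurement mechanism the linked article is about: each boot component is hashed and extended into a PCR, and a secret is sealed so that the (simulated) TPM releases it only when the PCR values at unseal time match the values at seal time. Everything concrete in it is an assumption for illustration: the choice of PCR 4, the boot component bytes (constructed stand-ins), the sealed "disk" secret, and a simplified policy digest that is just a hash over the selected PCRs (the real TPM2_PolicyPCR composition also mixes in the command code and the PCR selection bitmap).

```python
"""Software model of TPM boot measurement and PCR-bound sealing.

Added example: not PureBoot's code and not a real TPM. It models the
extend chain and the policy check so the reader can see why a changed
or reordered boot component locks a sealed secret away.
"""
import hashlib
import hmac
from typing import Iterable, List, Optional, Tuple

PCR_COUNT = 24
DIGEST_LEN = 32   # one SHA-256 bank
BOOT_PCR = 4      # assumption: the PCR the boot chain is measured into


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class SimTpm:
    """Minimal model: a PCR bank plus a store of PCR-sealed secrets."""

    def __init__(self) -> None:
        self._sealed = {}   # handle -> (policy digest, secret, PCR selection)
        self.reboot()

    def reboot(self) -> None:
        # A real TPM resets its PCRs to all-zero at power-up; sealed
        # objects (stored outside the PCR bank) survive the reset.
        self.pcrs: List[bytes] = [bytes(DIGEST_LEN) for _ in range(PCR_COUNT)]

    def extend(self, index: int, measurement: bytes) -> bytes:
        """TPM2_PCR_Extend: PCR[i] = H(PCR[i] || H(measurement)).

        There is no "set" operation; you can only append to the chain,
        which is what makes it tamper-evident.
        """
        self.pcrs[index] = sha256(self.pcrs[index] + sha256(measurement))
        return self.pcrs[index]

    def pcr_policy_digest(self, selection: Iterable[int]) -> bytes:
        """Simplified stand-in for TPM2_PolicyPCR: hash of the selected PCRs."""
        return sha256(b"".join(self.pcrs[i] for i in sorted(selection)))

    def seal(self, handle: str, secret: bytes, selection: Iterable[int]) -> None:
        """Bind a secret to the *current* values of the selected PCRs."""
        sel = tuple(sorted(selection))
        self._sealed[handle] = (self.pcr_policy_digest(sel), bytes(secret), sel)

    def unseal(self, handle: str) -> Optional[bytes]:
        """Release the secret only if the PCRs still satisfy the sealing policy."""
        policy, secret, sel = self._sealed[handle]
        if hmac.compare_digest(policy, self.pcr_policy_digest(sel)):
            return secret
        return None   # policy check failed: the TPM keeps the secret


BootChain = List[Tuple[str, bytes]]

# Constructed sample boot components (stand-ins for real kernel/initrd bytes).
GOOD_CHAIN: BootChain = [
    ("kernel", b"vmlinuz contents"),
    ("initrd", b"initramfs contents"),
    ("cmdline", b"root=/dev/mapper/cryptroot ro"),
]
TAMPERED_CHAIN: BootChain = [
    ("kernel", b"vmlinuz contents"),
    ("initrd", b"initramfs contents with an injected hook"),
    ("cmdline", b"root=/dev/mapper/cryptroot ro"),
]


def measured_boot(tpm: SimTpm, chain: BootChain) -> bytes:
    """Measure each component into BOOT_PCR in boot order; return the final value."""
    for _name, blob in chain:
        tpm.extend(BOOT_PCR, blob)
    return tpm.pcrs[BOOT_PCR]


def pcr_after(chain: BootChain) -> bytes:
    """Final BOOT_PCR value for a chain booted on a fresh TPM."""
    return measured_boot(SimTpm(), chain)


def provision_and_boot() -> Tuple[Optional[bytes], Optional[bytes]]:
    """Seal a disk secret to a known-good boot, then attempt two later boots.

    Returns (secret from a clean reboot, secret from a tampered reboot).
    """
    tpm = SimTpm()
    measured_boot(tpm, GOOD_CHAIN)
    tpm.seal("disk", b"constructed-luks-key-material", selection=[BOOT_PCR])

    tpm.reboot()
    measured_boot(tpm, GOOD_CHAIN)
    clean = tpm.unseal("disk")

    tpm.reboot()
    measured_boot(tpm, TAMPERED_CHAIN)
    tampered = tpm.unseal("disk")
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = provision_and_boot()
    print("clean boot unseals:", clean is not None)        # True
    print("tampered boot unseals:", tampered is not None)  # False
```

The point the model makes concrete: the owner never reads the sealed secret out of the TPM and never writes a PCR directly; the only operations are extend (append-only) and a policy comparison, so a modified initrd, or even the same components measured in a different order, produces a different PCR value and the secret stays locked.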