The ACPI system is a subsystem of the BIOS, which itself is patchable firmware. I would never exclude the chance that ACPI code could get executed, no matter which OS one is actually using. There are also PCI devices containing (patchable) firmware, etc.
Unless one is using an open-hardware/OpenBIOS-based system, I don't think that security can be achieved on modern (x64) hardware with all its patchable firmware components. Otherwise you can only 'limit the attack surface', and that approach might work or not. I'm certainly not a fan of Shuttleworth, but in my opinion he summarizes this whole issue quite well:
https://en.wikipedia.org/wiki/Advanced_Configuration_and_Power_Interface#Security_risks
As far as I know, the Raspberry Pi does not contain any hardware component whose firmware could be 'patched' without having physical access to it, so maybe that would be a starting point (or any other system where this is applicable).
Then you would still have to deal with software-based exploits, but at least one could fix those once they have been detected. But if your system contains hardware with 'patched' firmware, this would be far more difficult, if not impossible.