I got the huge (but pretty) Thinkpad T510, with a big screen. It is good enough that I don't use my Macbook Pro all the time now. I've been doing some work on Windows 7 (mostly unrelated to Windows.) It has a gorgeous screen with high contrast, and great battery life. Quite a departure from the other PC laptops, even if it's moderately huge.
One technology is Intel's AMT. It runs a webserver on port 16992 underneath your operating system. It's not entirely obvious how to login or change settings for it. I never figured out how to change the settings, but I was able to disable it through the BIOS.
AMT allows remote reboots, remote web access, and some access to the filesystem.
Intel's RPAT allows remote KVM, also below the OS layer.
Intel's AT is an anti-theft technology that can keep the computer from booting.
All this stuff is shipping on new laptops, some of it vaguely "on". In theory your IT administrator is supposed to configure it and use it to do stuff to your computer, and it's all magically secure for the enterprise.
But this sort of interface massively increases the attack surface to a regular machine. And any worms that manage to also infect this layer could have some serious impact.
And just to be a little bit offensive: my computer shipped direct from China with all this stuff turned on. Given Google's experience earlier this year, configuration like this should probably be turned off by default. Even if it's just to make me feel better.
Consumers shouldn't feel paranoid when they inspect your default settings.
But it is a fine machine otherwise.