I remember some years back playing with WD hard drives, and reflashing
the firmware: it was possible to effectively engineer an exploit that
could spread across disks, and infect hosts.
We spent a little time working on the controllers, before we realised
the obvious - that by that stage the game was already lost. If you were
inside the box you had control anyway.
The principal risk in USB is exactly it's versatility and
accessibility. (I don't include eSATA and eSATAp here.)
So Yes, USB optical drives carry the same risks identified under the
USB drive heading.And it Is possible to attack SATA controllers, but far
less likely than for USB.
And frankly, you have to trust *something*. When you come to install
Qubes, you are trusting that your hardware isn't already backdoored, as
made clear in the first para.
unman