There is a lot use of KVM outside of user visible VMs / XMLs. For example jenkins or docker can run in KVM. In such situations the libvirt XML files are often auto generated without the user being aware of any hardening that should be manually injected at XML creation time. Since the KVM related kernel hardening parameters do essentially nothing for non-users of KVM (I think?) I am very much for enabling these by default.
answered here Should all kernel patches for CPU bugs be unconditionally enabled? Vs Performance vs Applicability - #21 by Patrick