It's designed as encryption at rest, for want of a better term. That's it; you seem to think the TPM stops malware or something, which of course it does not.... That's what your AV is for, obviously. Secure boot is another story, but we are talking about TPM here purely for encryption.
Thing is TPM can be utilised (along with secure boot, etc.) for means far beyond just encryption, and if it becomes a basic requirement things are going to push that way - it is already marketed using "think of the children" tactics as stopping malware, preventing cheating in games, etc. TPM can be used for remote attestation as in taking away from the user control over whether they can or can't run certain software - which at a superficial level might seem like a good idea for say banking apps but unfortunately it goes much further than that and will start to become a requirement for even the most mundane things removing choice and control from the end user.
TPM itself isn't the problem, there are even desirable sides to TPM but it does facilitate the implementation of mechanics which are actively hostile to the end user and things will start to lean that way over time.
To quote from a post on Stack Exchange:
"Another criticism is that it may be used to prove to remote websites that you are running the software they want you to run, or that you are using a device which is not fully under your control. The TPM can prove to the remote server that your system's firmware has not been tampered with, and if your system's firmware is designed to restrict your rights, then the TPM is proving that your rights are sufficiently curtailed and that you are allowed to watch that latest DRM-ridden video you wanted to see. Thankfully, TPMs are not currently being used to do this, but the technology is there."
The way Microsoft is more and more trying to take control of the desktop away from the end user, this doesn't go down a good road in the long run.
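An added illustration of the remote attestation flow the quoted Stack Exchange post describes (not code from any poster in this thread or from any TPM stack): a boot chain is measured into one PCR, the device returns a quote bound to the verifier's nonce, and the verifier applies its own allow-list. Assumptions: an HMAC with a shared key stands in for the TPM's attestation-key signature, and the component names and key are constructed sample values.

```python
import hashlib, hmac, os

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measured_boot(components) -> bytes:
    """Replay a boot chain into a single PCR that starts as all zeros."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def quote(ak_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Device side. Assumption: HMAC stands in for the attestation-key signature."""
    return hmac.new(ak_key, nonce + pcr, hashlib.sha256).digest()

def verify(ak_key, nonce, reported_pcr, sig, allowed_pcrs) -> str:
    """Verifier side: check integrity and freshness, then apply its own policy."""
    expected = hmac.new(ak_key, nonce + reported_pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return "bad-quote"
    return "allowed" if reported_pcr in allowed_pcrs else "denied-by-policy"

def run_scenarios() -> dict:
    ak = b"constructed-attestation-key"          # constructed sample key
    vendor = [b"firmware v1", b"bootloader", b"vendor kernel"]      # constructed
    custom = [b"firmware v1", b"bootloader", b"user-built kernel"]  # constructed
    vendor_pcr, custom_pcr = measured_boot(vendor), measured_boot(custom)
    allowed = {vendor_pcr}                       # the service's policy, not the user's
    n1, n2 = os.urandom(16), os.urandom(16)
    return {
        # Unmodified vendor chain: quote verifies and matches the allow-list.
        "vendor": verify(ak, n1, vendor_pcr, quote(ak, vendor_pcr, n1), allowed),
        # Honest quote from a user-modified system: valid, but refused by policy.
        "custom": verify(ak, n1, custom_pcr, quote(ak, custom_pcr, n1), allowed),
        # Modified system claiming the vendor PCR: signature covers the real PCR.
        "lying": verify(ak, n1, vendor_pcr, quote(ak, custom_pcr, n1), allowed),
        # Old vendor quote replayed against a fresh nonce.
        "replay": verify(ak, n2, vendor_pcr, quote(ak, vendor_pcr, n1), allowed),
    }

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:7s} -> {outcome}")
```

The "custom" case is the one the thread is arguing about: the quote is cryptographically valid, and access is still refused because the verifier, not the device owner, chooses which measurements are acceptable.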