Yes, a FAT partition is required for the boot partition of a UEFI machine.
Could "they" develop a virus to destroy or damage the UEFI-partition?
Yes, they could (and probably will) find ways to breach the security. This has always been the case and always will be. In my mind UEFI is an improvement over BIOS, and Secure Boot does in fact make it harder to boot into a rootkit. The whole idea of Secure Boot is that the binary being loaded must be signed. If it is not signed it will not load. In my case I sign my own binaries, so I know that no rootkit will boot. It is possible that a third-party application within Windows (or Linux) could install itself to the boot partition, but it would then need to become signed. I don't know enough about the Windows signing method to comment, but on my Linux machine this would be impossible.
The MBR has gone and been replaced with a GUID (aka GPT, "GUID Partition Table"), which stores backed-up info at the end of the drive too, making recovery of corrupt partitions easier. In any case, I immediately imaged the EFI system partition when I bought the laptop, as I knew there was a chance of me breaking something. At LBA0 (first 512Kb) there is a fake MBR, so if someone installs the older MBR it will not destroy the GUID. The primary GPT header is at logical block 1 and there is a secondary at the last readable block, LBA -1, of the disk.
As of today the boot partition cannot be anything else but FAT. The firmware is hard-coded to only search for this type of partition. Another attack vector could be replacing the FAT32 driver that is loaded, but again I am speculating.
My advice is to buy a UEFI/BIOS hybrid, which is what I have. I can switch from UEFI mode into CMS (normal BIOS) mode. I recommend this because UEFI is not going away. Everybody will have to face the music some day, but it is nice to have something as familiar as the BIOS when starting to tinker.
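The GPT layout described above (protective MBR at LBA0, primary header at LBA1, backup header at the last LBA, partition entry arrays next to each header) is easy to check programmatically, which is what you want before trusting a disk whose boot partition may have been tampered with or corrupted. The following is an added example, not code from the forum post: it builds a tiny GPT disk image in memory with one EFI System Partition (the ESP type GUID is the real one; the disk and partition GUIDs, the 64 KiB disk size and the partition name are constructed values), validates both headers with their CRC32 checksums, and shows that after the primary header is wiped the backup copy still yields the partition table.

```python
"""Build a minimal GPT disk image in memory and validate its primary and backup headers.

Constructed example: the image is synthetic; only the ESP type GUID and the GPT
on-disk layout are real. Checks performed mirror what firmware and gdisk do:
signature, header CRC32, MyLBA, partition-array CRC32, primary/backup agreement.
"""
import struct
import uuid
import zlib

SECTOR = 512
SECTORS = 128                      # constructed: a 64 KiB "disk"
ENTRY_SIZE = 128
NUM_ENTRIES = 128                  # 128 entries * 128 B = 32 sectors, the minimum the spec requires
ENTRY_SECTORS = NUM_ENTRIES * ENTRY_SIZE // SECTOR
FIRST_USABLE, LAST_USABLE = 2 + ENTRY_SECTORS, SECTORS - 2 - ENTRY_SECTORS

# Real EFI System Partition type GUID; the other GUIDs below are placeholders.
ESP_TYPE_GUID = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")
DISK_GUID = uuid.UUID(int=2)       # constructed
ESP_GUID = uuid.UUID(int=1)        # constructed

# GPT header (92 bytes): sig, revision, size, header CRC, reserved, MyLBA, AlternateLBA,
# FirstUsableLBA, LastUsableLBA, DiskGUID, PartitionEntryLBA, NumEntries, EntrySize, EntriesCRC
HDR_FMT = "<8sIIIIQQQQ16sQIII"

def protective_mbr(total_sectors):
    """LBA0: one 0xEE partition spanning the disk so legacy MBR tools see it as occupied."""
    mbr = bytearray(SECTOR)
    size = min(total_sectors - 1, 0xFFFFFFFF)
    mbr[446:462] = struct.pack("<BBBBBBBBII", 0, 0, 2, 0, 0xEE, 0xFF, 0xFF, 0xFF, 1, size)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)

def partition_entries():
    """Entry array with a single ESP covering the whole usable range."""
    entries = bytearray(NUM_ENTRIES * ENTRY_SIZE)
    name = "EFI system partition".encode("utf-16-le").ljust(72, b"\x00")
    entries[0:ENTRY_SIZE] = (ESP_TYPE_GUID.bytes_le + ESP_GUID.bytes_le
                             + struct.pack("<QQQ", FIRST_USABLE, LAST_USABLE, 0) + name)
    return bytes(entries)

def gpt_header(my_lba, alt_lba, entries_lba, entries):
    """Pack a header and fill in its CRC32 (computed with the CRC field zeroed)."""
    raw = struct.pack(HDR_FMT, b"EFI PART", 0x00010000, 92, 0, 0, my_lba, alt_lba,
                      FIRST_USABLE, LAST_USABLE, DISK_GUID.bytes_le, entries_lba,
                      NUM_ENTRIES, ENTRY_SIZE, zlib.crc32(entries) & 0xFFFFFFFF)
    return raw[:16] + struct.pack("<I", zlib.crc32(raw) & 0xFFFFFFFF) + raw[20:]

def build_image():
    entries = partition_entries()
    img = bytearray(SECTORS * SECTOR)
    img[0:SECTOR] = protective_mbr(SECTORS)
    img[SECTOR:SECTOR + 92] = gpt_header(1, SECTORS - 1, 2, entries)           # primary at LBA1
    img[2 * SECTOR:(2 + ENTRY_SECTORS) * SECTOR] = entries                       # primary entries
    back_entries = SECTORS - 1 - ENTRY_SECTORS
    img[back_entries * SECTOR:(SECTORS - 1) * SECTOR] = entries                  # backup entries
    img[(SECTORS - 1) * SECTOR:(SECTORS - 1) * SECTOR + 92] = gpt_header(
        SECTORS - 1, 1, back_entries, entries)                                   # backup at LBA -1
    return bytes(img)

def check_header(img, lba):
    """Validate the header at `lba`; returns (ok, reason, unpacked fields or None)."""
    raw = img[lba * SECTOR:lba * SECTOR + 92]
    f = struct.unpack(HDR_FMT, raw)
    if f[0] != b"EFI PART":
        return False, "bad signature", None
    if zlib.crc32(raw[:16] + b"\x00" * 4 + raw[20:]) & 0xFFFFFFFF != f[3]:
        return False, "header CRC mismatch", None
    if f[5] != lba:                                   # a header copied to the wrong LBA is rejected
        return False, "MyLBA does not match header location", None
    off = f[10] * SECTOR
    if zlib.crc32(img[off:off + f[11] * f[12]]) & 0xFFFFFFFF != f[13]:
        return False, "partition array CRC mismatch", None
    return True, "ok", f

def check_disk(img):
    """Summarise protective MBR, primary and backup header state, and whether they agree."""
    total = len(img) // SECTOR
    mbr_ok = img[450] == 0xEE and img[510:512] == b"\x55\xAA"
    p_ok, p_why, p = check_header(img, 1)
    b_ok, b_why, b = check_header(img, total - 1)
    consistent = p_ok and b_ok and p[9] == b[9] and p[13] == b[13]   # same disk GUID and array CRC
    return {"protective_mbr": mbr_ok, "primary": p_why, "backup": b_why, "consistent": consistent}

def first_partition(img, header_lba):
    """Read entry 0 via the given header: (type GUID, first LBA, last LBA, name)."""
    f = struct.unpack(HDR_FMT, img[header_lba * SECTOR:header_lba * SECTOR + 92])
    e = img[f[10] * SECTOR:f[10] * SECTOR + ENTRY_SIZE]
    first, last = struct.unpack("<QQ", e[32:48])
    return uuid.UUID(bytes_le=e[0:16]), first, last, e[56:128].decode("utf-16-le").rstrip("\x00")

def corrupt_primary(img):
    """Simulate a trashed LBA1 (a bad partitioning tool or a failed write)."""
    img = bytearray(img)
    img[SECTOR:2 * SECTOR] = b"\x00" * SECTOR
    return bytes(img)

if __name__ == "__main__":
    disk = build_image()
    print(check_disk(disk))                                          # everything "ok", consistent
    damaged = corrupt_primary(disk)
    print(check_disk(damaged))                                       # primary: bad signature, backup ok
    print(first_partition(damaged, len(damaged) // SECTOR - 1))      # ESP recovered from backup copy
```

The MyLBA check is the detail worth noting: because each header records its own location, simply copying the primary header over the backup slot (or vice versa) does not validate, so a recovery tool has to rewrite and re-checksum the header rather than blindly duplicate sectors. Imaging the ESP, as the answer suggests, is still the simpler safeguard for the filesystem contents themselves.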