short of blocking memory access to the landing area of the jump from arm9, they can't really, from the code i read, Key0 is used in place of Key0 (if i read right), which is used to generate other keys, so it would be annoying for them to poison the key and handle the weird cases where people reboot or shutdown mid update, they won't do that then. they won't be preventing to overwrite to firm0/1 from arm9...because that would be kinda stupid and inf not impossible, pretty close to it.
the magic of OTPless a9lh install process, is that at the end it only relies on 3 modifiable things : firm0 partition to be replaced with 10.0 NFirm, secret keysector 1 to be replaced by key in slot 0 (if i read right the code) and to be able to setup arbitrary memory which will survive a reboot.
The first requirement, we can take it for granted, as arm9 kinda has full access to nand memory, so there's that.
the second requirement, as i said earlier, short of poisoning the key we use to trigger the initial otpless jump, they can't do much about
the last requirement, i would be tempted to say that there is no way to change the logic of the mcu reboot to not clear arm9 memory, but they already updated mcu firm in the past, so we never know, but i'd say that if they were to fix otpless, they'd go for 3, as it would be the safer to implement imo.
but do they really wanna go all the way to simply slow down a9lh install ? because they can't really FIX future a9lh install, since the old method is kinda... unpatchable in software only form.