a part of the video is load in ram, that's where you look. You put your compiled code in the file and it's loaded in the ram... (or a part... or something.. ahah)
Anyway, since there's sandboxing, it requires more then a user exploit like this... but it's still one open door... no? (if it's exploitable by any means)
you're right, maybe if inject a ARM Code like a Jump(B instruction) and a MVN or MOV to edit register r0(Program Counter), it's will work