There's not really a way to ensure a NAND backup has a (working!) exploit installed. I personally think it would be better to have a separate exploit uninstaller, anyways. There's a script for exploit uninstallation written by me somewhere on the web (can't even find it myself right now). Additionally to fixing the NATIVE_FIRM, you'd have to fix the secret sector. It's about the target audience for these scripts. Someone who knows their way around the 3DS and GM9 will have an easy time fixing anything from ntrboot. Someone who has not... will perhaps run this script (cause, who doesn't want "safe"?) and be surprised by the results.