If you watched the talk on PS3 at 27c3, you know that barring incredible amounts of rewrites to the PS3 hypervisor and other things, the PS3 itself only needs one thing, not two, to get hold of the ability to run a Henkaku equivilant on PS3.
The LV1/Hypervisor for the ps3 does not properly enforce protection. Because of this, it grants all requests that LV2 makes. As such, when LV2 is hacked, so is the PS3 as far as Henkaku (not ENSO) would be concerned.
This means that any part of LV2 being hacked means instant ownage for the system. The only question then is...what are the permissions of the web browser in the first place?