If the carts were all standard and as simple as you are claiming then pirate carts would be trivial to make... sounds like that's what you are you implying at least. Obviously though, they are not and can't be done without certain info being obtained.
Pirate DS cartridges surfaced quite soon after the DS's release, and I'm not talking about flashcarts but about knock-off game carts made in China. The situation will be exactly the same with the 3DS - it's like this with every FLASH-based medium.
Hardware protection must exist in some way, i don't think the cart uses the same blowfish-encrypted every startup.. if that was the case then you could just feed the DS the read data and had a design that allowed a cpu/ram, a physical switch to switch between the read data. DS having pirate carts quickly is just typical Nintendo poor implemented i'd wager, didn't DSi block them too.. hardly seems like 'clone' carts.
People should probably just get out of a flashcart mindset at all anyway.. any method is very unlikely to require a flashcart. It's clear now that if you can boot an executable from the cart it's possible to sign it to boot from the sd instead. With updates the norm it doesn't make sense to go that route.
Edit: just thinking off the top of my head it would hardly need a massive cart design change to have something unique per cart that is not possible to read, or other methods involving a real-time clock prehaps. But the issue is Nintendo barely putting any effort into protection at all.. the 3DS doesn't even have the DS protection methods given to developers, so there's not even a backup plan or any other layer of security; while Nintendo makes statements completely ignoring their own role on ap.nintendo.com. Publishers should be actually complaining.