Well, since the cat is out of the bag (kinda...), my idea (which has yet to be tested), that actually happens to be inspired from an existing xbox360 hack, is to pull the reset line for the ARM SOC for a shorter amount of time than the officially documented/required 5 clock cycles (cf.
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka3980.html ) in order to clear registers while having the ARM9 still running our code, this could be achieved as an automated and carefully timed process with a bit of soldering skill and an adruino board.
The concept would be to run a loop that would copy ordinarily unmapped locations somewhere else in memory for a later possible retrieval (somewhere that doesn't get overwritten after a reboot), as setting such a state on the CPU could potentially render it (and the whole system) quite unstable.
The idea relies on the fact that on most cpu architectures, one of the first step performed during reset is clearing the registers; assuming the bootrom is a mask rom that is mapped to memory which then later becomes inaccessible when a specific register is set, if said register gets cleared the area should become accessible again (again, this is, at this point, theoretical until proven otherwise)
I wanted to try this first and, should it work, document it in a proper place (like a wiki) rather than on gbatemp. I appears I wasn't given much of a choice in this matter.
P.S. Yes, I am aware of the documented (on 3dbrew) exception vectors vulnerability, the hack referenced in my post however, should it work, would be a lot easier to pull off.