They can't patch Fusee Gelee/ShofEL2, but I'm thinking they have a few options.
e.g. they can put in massive checks (for nulled cert XCIs, or fake ticket NSPs installed, etc.) and then burn like 100 fuses when they they detect such a thing (can fuse programming even be done from Horizon, or is that a bootloader only thing?)
That means you'll never be able to boot normally again, you will need to use Hekate/CFW/SX OS everytime.
Then they can just detect CFW and ban you for that, OR, they can then detect the "booted from RCM flag", which someone said was supposedly detectable by Horizon OS (although you can avoid being detected if you are follow a procedure like: RCM -> Hekate -> do stuff like backup NAND -> power off and then reboot normally without RCM... basically never boot into HOS if you booted from RCM). And then they can deny all online access when this flag is set (they shouldn't ban just for that, as RCM has actual uses like for repair, but who knows), and show you a dialog asking you to restart normally.
I think that would be a bit far-fetched though. All that will do is catch a few quick updaters, before devs patch out any new fuse burning stuff and RCM flag checks/any other checks.
I think the more realistic scenario is they change how eShop requests work, and after a week or so grace period, "flip the switch", and thus kill CDNSP like they killed Freeshop for the 3DS.
This is all speculation anyway from a rumor.
The ONLY sure things are:
- Fusee Gelee/ShofEL2 will ALWAYS be there and NEVER go away for units that are vulnerable, and
- the CFW/HB devs will eventually find and patch out any new checks they add into Horizon
unless SciresM, Raj, Rei, the entire Reswitched team and Ping Long all fall into a cliff before FW 6 is released (and even that is just delaying the inevitable)