k9lhax can't be patched or revoked without a new bootrom revision, something Nintendo seems to be adverse to. Also, so long as people keep up with all of N's binary diffs, they can't slip anything in without a lot of people noticing. I haven't seen anyone openly do that on like gbatemp tho, which sure is alarming (for public cfw users) since that means their changes can affect a huge number of users before they even realize what hit them.
Is now a good time to give Nintendo ideas? Now's the time for them to crack down on modified firmware in general. Have arm11 do an arm9 call to take a sha256 of process9's .text and send that on sign-in. If that differs (maybe if it differs twice, w/e it's implementation details) just ban the system outright. It would likely take so long for public cfws to catch up and work around this (if they even do either) that they could probably catch a couple thousand/tens of thousands of users. Particularly (importantly!) many users who've had their systems modified thru a paid service and aren't super knowledgeable about hax themselves would get swept up in this.
(This idea isn't new btw, it's what the 360 did and it effectively permanently shut 99.9% of highest-level-modified consoles out of their online services)