At first, I wondered if the browser could be used somehow to run an html exploit of some kind, but one user claimed that the browser is sandboxed. However, this puzzles me a little. I was under the impression that the 3DS games were sandboxed, running separately from the main system memory and that the browser used the main system memory in order to run parallel to the games. But if it is true that the browser is sandboxed, than perhaps there are other ways to hack the 3ds. There will soon be a messaging system to communicate with friends on your 3DS. I think once it's up and running, we should see if the letterbomb method works.
Also, somebody mentioned the circle pad add-on. The circle pad add-on will use the system's IR port to connect. Unless a way can be found to exploit the necessary IR handshake between the 2, it may prove to be a dead end.
But than there is also a possibility the street pass data could be exploited. I don't know of any ways it could be done, but it's worth checking.