1. If people have the ability to write to flash, can't we just modify the bits that cause the photo viewer to run in user mode to instead cause it to run in kernel mode? Would changing such bits cause the whole system to not boot (the result of failing some signature check)? If not, wouldn't modifying the photo viewer thread to run in kernel mode be easier than writing a downgrader, at least for now? Also, having a kernel mode thread would reveal oh-so-much more for everyone working on these things.
2. If user mode threads do not receive memory when they ask nicely for it from the kernel (assumption: someone has tried and found that the kernel won't give the thread additional memory, otherwise the 64 KB boundary would be gone), are commercial game main threads all kernel threads, or do they simply just not use dynamic memory at all (seems unlikely)?
I would have put this in Speculation but I don't think anyone reads that trash.