Hardware "patching" wouldn't be a patch at all. The device would have to intercept read commands and supply the data from either internal memory or an SD card (CF is too big to fit in the slot).
Reading from internal memory would be comparatively easy. Once the DS Card interface is implemented (that is, the card supports fully encrypted communication with the DS in all modes), it is not too hard to supply the data from memory (flash ROM). This is possibly already done in the NinjaPass (that is, if it doesn't need patching, not too sure on the details).
Reading from an SD card is harder. The DS expects a reply from the card within a certain time frame, and SD cards vary greatly in speed (I've had trouble with them in the past). Since the DS Card device cannot guarantee the data will arrive from the SD card within the expected time frame, it would effectively have to buffer the NDS ROM to it's own internal RAM, almost like the M3. However, since DS ROMs are already up to 128MB in size (and could get bigger), this isn't an economical option.
This is why patching is easier. The NDS ROM can be patched to read from the SD card directly, by issuing commands through the DS Card device. The device will probably translate between the software and the SD card, but the software still needs to be patched to wait for the data to be ready.
On-the-fly patching is easy enough to do. All commercial DS games use the Nintendo SDK to access the card, which means they all share the same card access functions. These have a certain signature that can be found and then overwritten with the functions to access the DS Card device instead. This is how ALL patchers operate. On-the-flypatching does this as the NDS ROM's binaries are loaded, rather than before the ROM is written to the media.
The issue with patching compatibility is due to the official SDK being updated. When this happens the function signatures change and the patchers need updating. This is easy enough, as PC exes and the device's firmware can both be overwritten. There is not too much to worry about, since mainstream flash cart/card manufacturers will continue updating as long as there are new customers to entice. [Insert anti-piracy statement here -- I'm sure you all know my stance by now.]
The problems with on-the-fly patching arise when the functions are not only in the startup binaries of the NDS ROM, but in code overlays too. There are various other technical issues (like startup speed vs searching for all possible signatures) that also need to be considered.