The problem is that these low-level breaks still need a high-level 'open-door' so to speak. We're able to get deep into the system because lower firmware (1.0.0 especially, though now very limited) are so compromised that they basically have a revolving door. This is on the same sort of stage as "we have a kernel dump". Its great!... but we need to find things that are useful in it to make it actually useful. The kernel dump is really the most important achievement but its also months old, because it means we can find potential compromises that run upward (though can still be potentially fixed) but you also have to break the walls down around the kernel to get at a lot of things. The bootrom is a big one too (if there's stuff that isn't locked behind TZ, which no doubt will be... like the key encryption algo) but you'd need a way to leverage it on higher fw, otherwise you're still coming in from the top-down and then exploiting what you learn from the bootrom to inject yourself somewhere along the boot.
And, again, the Switch has a lot of hard-burned 'identity' that is console unique. That means Nintendo knows what is trying to access their servers, so they can always blacklist it permanently, and no one is going to give you their cuniq string (which is encrypted with keys in TZ).
Your general user isn't about to hotwire their switch to start injecting compromises through the USB-C, after all.
And, again, remember that daeken remains very negative on higher fw compromises!