I'm extremely late here, and also not at all an expert, but I don't think it's completely impossible.
If a low enough level exploit is found for a given fw version, then, hypothetically, we could have an updated emuNAND. SysNAND would boot properly using the real eFuse count. From sysNAND, we could load emuNAND and pass it a fake eFuse count that it would use to boot properly. For the sake of example, we'll say this count comes from a file called Fuses.bin.
The trouble comes in updating emuNAND, as it would still try to burn eFuses. If we could redirect the commands that would normally burn eFuses to an emulation layer that simply writes those changes to Fuses.bin, then we could update emuNAND without it actually burning any fuses. SysNAND still boots happily with the real eFuse count, emuNAND boots happily with Fuses.bin.
This is probably a lot easier said than done. The commands to burn eFuses are probably baked in to the kernel (or maybe even lower than that), so we'd have to be able to run code at an extremely low level in order to redirect eFuse burns. Worse yet, Nintendo could potentially change their code in a way that bypasses the emulation layer. Since the system panics when booting with an invalid eFuse count, this could mean that updating emuNAND could actually brick the system.
On the bright side, since there is a physical limit to how many times Nintendo can burn more fuses, they have to be careful about choosing which updates to burn them in. It's unlikely that Nintendo would continuously try to patch eFuse circumvention, as they simply can't afford to be burning fuses in every update, and changing the procedure in every update does them no good if they only actually use that procedure in a fraction of the updates.
Again, this is all hypothetical and quite far out there. Many things need to happen before any of this can take place, such as near hardware level code execution, analysis of how the eFuses are burnt, and analysis of the update procedure, not to mention that there is probably a notworthy amount of encryption that needs to be broken along the way.
TL;DR emuNAND and/or eFuse bypassing is pretty far away, but it's definitely not impossible.
EDIT: I should add that this is ONLY for having a low firm sysNAND and updated emuNAND. This kind of exploit would not allow for downgrading. In fact, downgrading is probably not possible without modifying the firmware and/or certain parts of boot code.