CRL size aside, point is that it seems to be something that can be included in patches and that if it is, can cause your console to get banned without needing to go online.
Write protecting the NAND chip seems to be a way to avoid an accidental patching of the thing, but will mean that you cannot get anything done if your console is connected to live, as it will get the 'mandatory patch' message, if it hasn't been banned from the live service itself yet.
It also, as has already been mentioned in this thread, causes issues such as default settings resets. On its own this doesn't necessarily pose a great problem, as it means one has to go and change the resolution you are running games at; I imagine that's about all that's 'serious' about that issue.
What I would be more interested to know then, is about the block failure functionality; do the blocks get marked as bad permanently? If they do, then excessive use of the write-protect functionality would gradually reduce the available blocks for usage on the chip, and ultimately result in it becoming unusable, correct?
If so, then that, in my opinion, means that one is left with no option other than retaining a solid backup of the NAND chip's contents so that if something goes wrong and you get the local ban, you can reverse it by rewriting the NAND with the 'good' version.
I have to wonder if M$ doesn't have publishers updating the CRLs in 'older' wave data patches as well - ie; just because you wrote a wave3 to your disc instead of wave4, doesn't mean your console hasn't been added to the 'source' wave3 data that you've gotten ahold of. I guess a simple way to avoid this is to make sure that you are always using the oldest-known available wave3 data for patching purposes.
tl;dr
So it looks like keeping a backup of your old NAND data pre-ban, and patching wave4 games with wave3 data is the only way to go if you want to avoid the local-ban, if you've already been flagged, for now.