I'm not convinced that patching code into a running process [1] is any better than patching the binary on disk. That's the sort of thing that a fully secured system would not allow.
[1] Of course excluding programs that have an actual plugin interface, and the "patching" just constitutes using that interface.
[1] Of course excluding programs that have an actual plugin interface, and the "patching" just constitutes using that interface.