I think you are right to be nervous :-) What I did when updating from 9 to 10 on a RPI3 running as earmv7hf-el was to vnconfig the img and extract the contents of /boot and update my system. I did this after the new kernel failed to boot by putting the image in another machine, I think, and then I was able to do the other 2 remotely.
I don't think there are any deep technical reasons. On traditional systems there is "/usr/mdec" which contains all of the low-level boot code. Except that on those systems, it's really boot blocks that are put in the fs to be read before the fs is accessed (mbr, bootxx), and then later-stage boot (e.g. /boot). On the RPI and similar, AIUI there's a lot of code that the system needs to get to the point of starting to load the OS. On one hand that's sort of outside the scope of the OS, but on the other it's the OS that should be updating it. Thus, I'm not really sure what the right answer is here, but IMHO all the bits that need to be on the boot media should somehow be installed as part of the base system, and there should be something like 'installboot' or some other procedure to align the boot media to the installed systems' version of them. My guess is that people would mostly agree with this in theory, but it's real work to get from here to there. As always, I could be missing something. I know, ENOPATCH!
