My thought process for this was influenced by:
1. Text processing algorithms which use request_module() to load at runtime for algorithms which are not in kernel. Again, if proper case is exercised here -- not loading outside modprobe path etc. it should be fine.
2. Coming back to usermode helpers, we already allow modules to be modprbed through external helpers, so a similar approach can be used. If someone can write to a sysctl/procfs maliciously, then system is already compromised. I was thinking of reading from a pipe using a usermode helper similar to how core dumping function uses it to write instead.