Reading a little further, I stumbled on the "User Guide" for the EP9302, which details the boot process.
In section 4.1.2.2, it details how the internal boot ROM chooses which method to continue booting from. One of those modes is to read 2048 characters from the UART, put them in a buffer, and then execute that code.
The boot ROM will output a "<" character when it is in this mode. I did, indeed, see this character when I was poking around in the boot loader mode, but I had attributed it to garbage characters from turning power on/off.
So, we have a possible attack vector by loading up to 2K of code through UART and executing it. Since the flash memory is a 56-pin TSOP and I do not have the appropriate adapters for that yet, I am going to look into putting together a little program that can dump the memory over the UART.
And... it appears the EP9302 is used in the Vex Robotics platform. I'm going to bet that someone has already written some code I am looking for! :)