The only thing I have found that couldn't be done on an OS X device was run a custom kernel without breaking power management. Do you have any other examples of things that you can't do?

Can you modify system files and re-sign them so you can keep SIP working?

Probably, if you boot the kernel with boot flags that tell it to accept any signature. I haven't tested this.

