Note that this doesn't excuse Tesla here, since the situation I discussed is very rare, normally if that module fails the vehicle will still start and run. Tesla engineers should absolutely have been aware of this issue, as pointed out up thread there are multiple tutorials for ras-pi SD memory preservation, and I have trouble believing a competent EE shouldn't be aware of life issues due to eMMC. It also shouldn't brick the car, normally automotive electronics are designed very carefully to avoid single points if failure, with fallback routines and safety "limp-home" modes in case of problems.
Wasn't preventing this one of the design goals/selling points of CAN?
Near as I could tell from my scope, the APIM was spamming the bus with exactly the right frequency to interrupt the ECM during it's scan of critical sensors. It was an extremely rare failure, and to Ford's credit they covered both the repair as well as my shop's diagnostic time.
edit: To make it clear, I have seen 2 vehicles that still operated with a direct CANBUS short to ground, as well as a vehicle that had CANBUS shorted to 12V+. In these cases, aside from expected failures (such as the BCM systems not responding, or transmission limp-home), modules were able to fall back into either safe states (limp-home, in the case of the TCM) or just a dashboard warning light (in the case of BCM no-comms).
Thanks for the anecdote!