The stack actually is executable on firmware 3.0, at least on my iPhone 3G S
User databases are actually accessible directly from sandboxed applications (the frameworks are just wrappers around SQLite or whatever format the databases actually use)
I highly doubt that the stack is executable. I'll write some code today to test this.
User databases are really not accessible from sandboxed applications. They are simply not in the sandbox filesystem space. What frameworks like the AddressBook do is open the database before the app is launched and then pass the app a file descriptor or Mach port to communicate with the database or 'service wrapper' around it.
I think whether the stack is executable depends on your compile flags (or rather, some bits set in the mach-o headers that the nested_functions compilation option sets)
Some user databases are in fact readable/writable:
The stack actually is executable on firmware 3.0, at least on my iPhone 3G S
User databases are actually accessible directly from sandboxed applications (the frameworks are just wrappers around SQLite or whatever format the databases actually use)