> Are these new programable cards capable of reading main memory, which > OpenBSD would not be able to prevent if machdep.allowaperture were > set to something other than 0?
Yes, they have DMA engines. If the privilege seperate X server has a bug, it can still wiggle the IO registers of the card to do DMA to physical addresses, entirely bypassing system security.