How does flashing work, who controls the writes? I remember reading about hacking the controller of an SD card to override the read/write functionality.

I think if the bootloader is overwritable, it could lie to you about reflashing the boot partition...

It varies by device. Obviously something has to handle writes, but generally it's a lower stage that isn't easily writable itself.