New ideas! Food for thought: I just talked to some people who are a bit better with hardware than me, and someone mentioned the idea of using "broken" cables. For instance, using a serial cable with a null-modem connector that has some wires flipped. My understanding was that there's no reason the other pins can't be used identically, it's just more "convention" that pins 2 and 3 are used for tx/rx...? So if you connected that wacky cable, it is theoretically usable with the same bandwidths, but nothing on your system would recognize it as a usable serial cable. You could probably do something similar with ethernet (which is easy to make yourself).
Another variant of that was that you could use ethernet but configure one machine with "broken" settings. You could set the machine so it would never even get itself an IP address, you could transmit data via byte-padding ping/arping packets. That's a pretty crazy idea. Basically take things one level lower than most apps operate at.
A more software-oriented solution came out of that conversation too. One that might actually make me feel comfortable about serial if I can make it work. Actually remove the /dev/ttySX devices from the system, create new files in their place with chattr +i them so they can't be removed, then make them root-only-everything. Then create a new device file in, say, /home/username/armory-tty using mknod, using char blocks (4,64) (which is the block to identify that the device is to be assigned to the next serial device that is attached). Then setup Armory to use /home/username/armory-tty for serial communications.
That would pretty much kill everything. Even things that are smart enough to search the /dev directory for serial-capable devices. Any getty's would become invalid. Could it be further modified, using chmod 700 for my username/group, so any other non-root processes couldn't access it even if they found it? Would that interfere with the system assigning serial devices to it?
By the way, here's the code my friend sent:
# check inittab for a getty (look for a line containing ttyS0 that is not commented out)
cat /dev/inittab | grep ttyS0 | grep -v ^#
# check for a getty running on the serial port
ps ax | grep ttyS0
# check for anyone else using the serial port
fuser -v /dev/ttyS0
# try to kill the offending process(es)
fuser -k /dev/ttyS0
# remove the standard serial device and install an useless and immutable placeholder instead
rm -f /dev/ttyS0
rm -f /dev/cua0 # also remove legacy 'call-out' device if it exists, just in case
touch /dev/ttyS0
chown 0.0 /dev/ttyS0
chmod 000 /dev/ttyS0
chattr +i /dev/ttyS0
# create a 'new' serial device that no standard program will go looking for
mknod armory_ttyS0 c 4 64
# show configuration of serial device
setserial -a /dev/armory_ttyS0