I see your point around the risk, but ....Should a service pack over write stored procedures that are created for a specific subscriber? I can't see why they would...!?
I believe the real question here is wether SQL Replication is a suitable "engine level" technology to use when syncronising from a database where the tables and associated columns don't exactly match the subscribing database structure!?
Would you suggest using "custom" stored procedures, if they MS ones could disappear?, to overcome the problem and, in effect, filter the data (reduce columns) from the publishing DB to the subscriber DB. Surely custom sprocs would be "safer"!?
Also having a proper package release process would over come problems when installing service packs as you would have the correct package to "re-install" any customisation!?