I searched gerrit in case anyone was working on it and saw this:
so we won't see it in CM, it seems
Now, what's the worse thing that could happen if NFC is enabled at all times? When I swipe an unknown NFC tag the phone does nothing (besides telling me).
I decided to compile my own CM10 KANGs from now on with a patched NfcService.java (running great right now), but I'd like to know of any vulnerability I might have overlooked.