I don't recall if there's any form of write protection in place, but, if there isn't, yes, it's potentially trivial if you have root/shell access to the device.
But, more low-tech, how can you be sure the S/N that was reported is actually accurate? After all, it's far easier to lie than to actually modify the device
.
AFAIK, the recommendation stuff is handled server-side, so, if it was deregistered (i.e., blacklisted, which is what Amazon does if you inform them that your device has been stolen), and that actually took, doubly nope, as I'd imagine that'd both cut the cord, and wipe the userstore/settings on the device.
I've never handled blacklisted devices (but I do, unfortunately, have experience with the procedure from your side of things
), and I don't recall actually ever deregistering a device manually, so, take that with a grain of salt.
On the other hand, if the device was left in Airplane mode, it can't be made aware it's been kicked out of the garden, so, yeah, it would keep showing the same pool of recommendations.