Tommi, I've not read full source yet (planning to :D)
But without even imagine the chaos you guys have to deal with I can spot two scenarios:
1 - BHO disabled
2 - whatever other case
I agree that BHO disabled should never show chromeframe in the UA, but do you agree that for everything else it should?
Specially for those who would like to serve different/specific content for frame when present, it does not matter if it is top level or not, something strictly related to the client and the DOM hierarchy, it matters if the top level supports Chrome Frame and everything else could be easily driven in both client and server side.
If there is a server side check for whatever reason about chromeframe possbility, leave it there, otherwise if BHO has been disabled, don't show anything.
Being BHO disabled in my opinion a rare/nonsense case (if there is the possibility why disable it rather than uninstall ...) I would always send chromeframe in the UA removing it as last process ever for each call before UA is sent.
If you need to anticipate the UA basing the change via registry ... well, I kinda agree things are not that simple here since I don't really know when IE network layer reads the registry the instant before the UA is sent so, in few words, I hope you'll solve soon this UA ambiguity (disabled or not? ... this is the only thing that matter, just my opinion)
Thanks for the reply and best regards.