the 500D got announced in march'09 and we only just got a FW update for that one so it could be quite a while before we'll see an 'official' update and even then there's a good possibility it'll use the same encryption as the service one. Don't get me wrong i own a 550d too and would love nothing more then getting some custom code running, as it looks right now things don't look to good for short term, there's still plenty of other options left though.
Given how close the 550d and the 500d are and that we have a 500d dump it could be worth looking in that one to see if there's a flaw somewhere we can exploit and get a dump. My main interest would be figuring out if it has an autoxec.bin , autoboot or something similar that runs unencrypted code.
USB has mainly been unexplored on all canons there's been several reports of people getting their camera back from service and it enumerating as "DCP Connect" even in my ancient s2is there are references to a DCP mode in firmware, perhaps we can figure out how to flip a camera in/out that mode and what options are available or perhaps what undocumented commands are available in regular PTP mode, analysing dumps of camera's that we have could greatly help there.
Given that there are little repeating patterns in the 550d serice FW and none of the xor algorhitms seem to make any sense, lets look around, the point and shoots use AES-128-CBC which could account perfectly for the even distribution we see in the 550fw, I'm not having my hopes up here but I guess it couldn't hurt to try some of the known AES keys from the P&S range canon uses we might just get lucky
There was some talk on the magiclantern list about a backdoor in the firmware loader using a serial port, that could be worth exploring, has anyone ever figured out the pinout of the connector in the battery compartment? If i'd had to expose a serial / debugging port thats where i would put it
Given how there's an arm in there and most arm cores come with a JTAG (5 pin) or SWD (2 pin) support build right into the core, it could be worth exploring if they are exposed somewhere.
So plenty of idea's/options so little time