The interesting thing about return oriented programming is that it can even work on devices with harvard architecture, where code and user data are stored in completely separate memory areas (which was seen a a guarantee against code injection until quite recently)
http://arxiv.org/abs/0901.3482