Re: "without ever getting saved to the file system first"
"but in ways it's less easy for an AV to spot them"
I would think that so-called "safe code" loading executable code drawn across the network would raise all kinds of flags in your anti-malware snakeoil of choice.