There is a roughly 1 in 2^128 chance (not worth worrying about) of a random 256 bit key not falling in this range.
What would happen to a wallet program if this happened?
The wallet should be checking that the keys generated are in that range. If it is not, then a new key should be generated and the first one discarded.
Wouldn't everything still work but it would wrap around, basically becoming X - 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141? At least that's what math tells us - if group order is n, then G^(n+x) = g^n * g^x = g^x.