So the tradeoff becomes do you want to have it in user space (where it would still vulnerable to DoS in this case) and sacrifice some speed
It's not just vulnerable to a DoS in terms of execution speed. The Linux kernel really loves killing inappropriate processes at inappropriate times when the OOM killer goes crazy. In a real micro-kernelish design, these processes would be granted exemption from the OOM killer.