Comment 43 for bug 1361360

@ttx
I think it makes sense to address the 'authenticated thread exhaustion' issue regardless. Even from a non-security standpoint, it could help to prevent an accidental DoS by a poorly written client.