It takes more work for the client to create the transaction than the network to process it.
ie the bottleneck is the client.
Have a look at this post on the speed of modifying structured data which found the bottleneck to be on the client. Maybe larger networks will be different. Also structured data has changed to mutabledata. So take the results with a grain of salt but that’s the only test I know of that comes close to trying to judge / measure safecoin performance / attacks.
The update rate for structured data is between 100 - 300 updates per second per user (on my private safe network).
The current bottleneck to increasing this is the launcher, which throws errors when the load becomes too high (around 1000 updates in a row).
Rate limiting from vaults will definitely be a big part of it, as others have pointed out.
But ultimately this just needs more testing, simple as that. I agree with you that it’s a concern, but not an insurmountable one.