We have definitely run into this, albeit only very very rarely. It's not viable for someone to build a usable DoS against us as an attack: our offices are on a whitelist and our set up prevents a viable attack against our internal infrastructure.

But yeah, like every tool, there's potential risks/down sides/things to watch for. There's no silver bullets!