Int/str conversions broken in latest Python bugfix releases

That was the point of choosing such a limit.

Picture a CPU core handling N things per second, which can include a few megabytes of data that could be full of a thousand integer strings (i.e., JSON). It’s still possible to get something to spin an entire CPU core for a second in an application like that even with the 4300 digit limit in place. What isn’t possible anymore is getting it to spend infinite time by sending the same amount of data. With the mitigation in place, an attack now needs to scale the data volume linearly with the desired CPU wastage, just like other existing boring avenues of resource waste.

2 Likes