I feel like send limiting is perhaps not that essential. If we really see BitCoin nodes OOMing because they tried to send data too fast that implies there's a bug elsewhere. For instance getdata requests have a size limit for exactly this kind of reason (it might be too large, but we can tweak that).
Ultimately, the goal is flow control. Your OS has a buffer for outgoing data. When that gets full, we need to stop sending more data, and wait for empty buffer space.
The worst case buffer size of a hacker is zero. The worst case "normal" buffer size 8k.
Since bitcoin needs to send more data than that in a single message, an implementation must choose: (a) store a pointer to the middle of the object you were sending, for later resumption of transfer, or (b) provide an application buffer that stores a copy of all outgoing data until it is transmitted. satoshi chose (b) but placed no limits on the size of that outgoing data buffer.
It does sound like the limits are tighter than they should be.