I think it may have been ignored because the cpu limits were set based on keeping replay time from getting too long, and replay doesn't check signatures. There might be merit in having two different limits.

Alternately, keeping p2p sync from getting too long may be a better target than replay, in which case the CPU limit should just include signature checking, as you suggest.