Unavailable drupal.org leads to crashed cron

I had problems earlier today with crons getting stuck and failing. Depending upon the calling method, I would either get a 404 or a 'cron failed' message. Playing around with core's common.inc, I found that the hangs were the result of the call to module_invoke_all('cron') in drupal_cron_run(). That suggested disabling modules to find the culprit. Taking down update.module cleared my cron to run freely.

Conveniently enough, at the same time this was going on, I was unable to bring up drupal.org to help with debugging. This afternoon, drupal.org is flowing freely and my cron is working as expected with a re-enabled update.module, That leads me to draw the association that update.module is at fault here.

If drupal.org is slow or unavailable, shouldn't update.module's cron hook detect the issue and kill itself? Instead, it seems as if it currently freezes and cascades the error back up the call stack until crashing the original call to drupal_cron_run() (confirmed by first deleting both cron_semaphore and cron_last in the variable table, and then cron_semaphore re-appearing but cron_last missing). Unless I misunderstand the flow, this would cause subsequent modules with cron hooks to not get their chance to run, thereby killing a potentially significant number of necessary maintenance tasks just because of a slow or unavailable drupal.org.

If this is indeed the case, it presents itself as a possible attack vector through the use of a DoS against drupal.org and keeping thousands of Drupal-based sites from being able to successfully complete their maintenance tasks.

A slippery slope argument might be fun, but I'm really more interested in just having the crons not crash. Can anyone confirm this problem or else point out to me where my reasoning is incorrect?