With connection-less trading a sudden trading spike is indistinguishable from a DDoS attack.

Because setting up and tearing down TCP/IP connection involves several small packets you will learn that your networking infrastructure has two limits: bps (bits per second) and pps (packets per second) and you will be governed by the pps limit (while staying far away from bps limit) during the most important periods of the trading. The connection failure rates will greatly increase, this will be visible on your side as storms of inquisitive verbs (STAT, STATJSON, etc.) The quote/status dissemination during an active trading is just so much more efficient with the stream-oriented protocols that there isn't much room for discussion when comparing it with RPC-style polling.

In addition to the above "ideal world" failure mode, in a "real world" case when somebody actually tries to DDoS you you can mount the defenses much cheaper and much more efficiently if you'll require keeping up the connection while trading.

Socially, I find this RPC-trading phenomenon puzzling. The very same people who obsessively tune their gaming rigs for minimum lag suddenly are fine with the lag values several orders of magnitude higher when trading for real money instead of playing for toy money.