Are you referring to unbounded hashed bytes for sigops? Why not bound them? And are all these transactions isStandard()?
Example transaction.What kind of transaction could take that long to validate?
a large transaction with a lot of SIGHASH_ALL signatures, basically
The problem is that the algorithm used for SIGHASH_ALL is O( n2 ), and requires that you hash 1.2 GB of data for a 1 MB transaction.
Sensible bounds on memory usage per tx or time based rules mitigate or solve this entirely.
If you are putting so much into a tx, then you are exceeding isStandard() rules anyway.