Absent the Schnorr sigs enabled by segwit, 2mb blocks would require "other general tweeks" in the form of restricting old style quadratic scaling sigs to some magic number maximum.
The initial depoyment of SegWit will not enable Schnorr signatures, will it? Won't they require a hard fork anyway?
Even with Schnorr signatures, the miners would still have to accept old-style multisigs produced by old clients, right? Then an attacker could still generate those hard-to-validate blocks, no?
As a temporary fix, a soft fork can be deployed limiting the max number of signatures. Even a low limit like 100 is no restriction, only a small annoyance for the few users who would want to use more It woudl be a good use of an "arbitrary numerical limit", like the 1 MB limit was when it was introduced.
But there is no logical reason why signature validation should take quadratic time. That is a bug in the protocol, that should be fixed by changing the algorithm -- with a hard fork if need be.
(By the way, [for a couple of hours today](
https://statoshi.info/dashboard/db/transactions?from=1458258715516&to=1458259562505) there was an apparent "stress test" where each transaction was 10 kB long (rather than the usual 0.5 kB). Was the "tester" trying to generate such troll blocks?)