No, it doesn't.
If you are integrating bitcoind calls into your service it should only be accessible by localhost/127.0.0.1 so only the site can make rpc calls. If you are worried that someone will be making alot of requests, you can make a custom spam blocker server side.

EDIT: Not sure if it crashes if enough requests is made though, I believe it depends on the machine it runs on.