#9063 enables Guard discovery in about an hour by websites
There are classes of relay cells that don't count in the circuit windows. Specifically, only data relay cells count in the circuit windows.
So for example, a malicious website could arrange for the client to open 2200 streams to it, and then the website could close them all at once. 2200 relay end cells would work their way back towards the client. The #9063 (moved) fix would get upset and kill the circuit.