Another issue using websockets over http in this case, is it defers the abuse protections completely to the application servers (or custom proxies) meanwhile hogging whole tcp streams in load balancers. In existing http infra, load balancing and resource abuse protection can happen in multiple tiers sparing the application software (and more specifically relay developers).
That said I'd argue almost all web abuse protections are handled way before the client request even makes it to the application server. And it's done very quickly.
