Further, since the computation is implemented in Javascript, it should be possible for a spammer to take the code and make a much more efficient implementation in a machine-near language, such as C. Let's hand-wave and say that would raise performance by a magnitude - and that's probably very pessimistic, really.