One of the attributes noted as unique about the Web Sandbox (versus Caja, ADsafe, etc.) was the incorporation of quality of service (QoS) capabilities. The sandbox actually monitors the number of statements executed, long-running code, excessive use of alerts, etc. so that the user can abort execution when the sandbox detects that the executing code has exceeded defined thresholds.
The Live Labs site is pretty extensive in terms of interactive samples and documentation, so it’s definitely worth a look to gain a better understanding of the vulnerabilities your site may face. There’s even a “Can you Hack It?” section that challenges you to try to break the Web Sandbox.