I've been meaning to post this for ages and somehow I kept forgetting.

J.D. and I have long thought that many of the techniques used to do a security threat model are actually directly applicable to doing performance analysis as well.  The idea of threats and mitigations is quite general but more importantly a direct analysis of the architecture is invaluable and its something you can do very early in the lifecycle of a product.  Think of it as "testing" the architecture while it's still just a diagram.

A while ago J.D. produced this analysis which I think you might find useful: http://blogs.msdn.com/jmeier/archive/2007/08/28/performance-threats.aspx

The idea of testing the architecture is something I want to do a lot more of in the next version of Visual Studio (but more on that another time)