This is an interesting theory... I have tried replicating this on our test server, but cannot seem to do it. However, I have noticed that during the times that cpsrvd fails there does appear to be quite a bit of FTP activity (It could be coincidental too). The last couple of times it has failed the FTP activity hasn't been upload traffic though, it has been failed authentication traffic from one of the many millions of script kiddies out there, which throws the load theory out the window.
I have noticed lately that a few of our servers have been subjected to DDOS attacks against port 80. We have implemented scripts that will detect this and block the IP address that is causing this. When we were first seeing this we noticed a lot of httpd restarts, but now none at all. Is it possible that we are experiencing DDOS attacks against Cpanel as well? I have tried checking access_log, but it doesn't log 408's so it is hard to determine if this is happening or not. Does anyone know if cpsrvd has a MaxClient set (Like in apache), or is there no limit to the amount of incoming connections? If there is a limit, can this be increased?