So an object that is holding on to a lot of memory or a scarce native resource can get stuck in the finalization queue behind objects whose finalizers are making slow progress -- not necessarily maliciously but maybe due to sloppy programming.

Sloppy programming is not necessarily malicious?