The IPS bypass feature was created for customers who value connectivity more than security and cannot afford running full security checks in case of heavy load slowing down their business applications. This is a pure risk management subject and needs to be considered and treated as such.
Now, to your questions:
Q: What would have happened on an appliance that did not have IPS bypass enabled but was under heavy load?
A: The FW will run high CPU and may cause some degradation on customer-facing applications, such as slow responsiveness, re-transmissions, etc.
Q: Is "IPS bypass enabled" a way for attackers to successfully run an attack by first making your firewall sweat and then run an attack knowing that your IPS protections will not be enforced during heavy load?
A: Theoretically yes, but considering the dynamic nature of the bypass, a supposed attacker needs to have inside information about particular settings and thresholds and even the fact of it being enabled. This makes such an attack tricky and not really practical.
I certainly understand your concern about elevated security risks with this feature enabled. As already mentioned, this is a risk management decision. Some customers might choose availability before security in some particular critical situation.