Current, the code for running checkuser via the api includes the following specification for the limit parameter:
'limit' => [ ApiBase::PARAM_DFLT => 1000, ApiBase::PARAM_TYPE => 'limit', ApiBase::PARAM_MIN => 1, ApiBase::PARAM_MAX => 500, ApiBase::PARAM_MAX2 => 5000, ],
I suggest that the default be lowered to 500, which is the de-facto limit, since (as far as I know) there are not any bots that have CU permissions. Uploading patch now.