I'm only saying that validation depends on validating the event id AND the signature. Only doing half validation is exactly as secure as doing neither.
But regardless, I think validation is mandatory at any performance penalty.
Discussion
nostrudel now does this if you enable it, i suspect that many other clients don't, at all
you want to try and change the way protocols are implemented, have fun staying frustrated