The vulnerability window is proportional to the size of the reorder buffer (hundreds of instructions); the pipeline length (tens of stages) is not important (except on strictly in order CPUs with no reorder buffer I guess).
Also modern OoO CISCs and RISCs have very similar pipeline depths for the same performance/power budget.
