The honest answer is that I don't know, because I don't know how much money the reddit tipbot handles or how long the money stays vulnerable to a potential bug in the software. This is criteria I suggest:
> for any piece of software from which it's possible to drain large sums of money
To which I might add "directly" or "quickly" or "covertly", but I think you get the intent. My edit to the parent comment also applies, since none of these is a binary value and risk management should match the assumed risk.
edit: I would say that the fact that it's only a few bucks per user is not relevant, especially if that limit isn't hard-coded.
