Agreed, although I guess the bootstrap time for that is a little on
the high side, and maybe a little too chunky on mobile devices

With warm Tor directory caches it's surprisingly fast - fast enough to be usable and I'm a notorious stickler for low latency UX. If you want to do LOTS of lookups so you can cross-check and merge their answers, that's slower of course.

With cold Tor caches it's indeed too slow. However, reaching "tor by default" is a part time hobby of the bitcoinj project for a while now and there are plenty of ideas for how to make things fast enough. For instance, using a cold cache whilst simultaneously refreshing it in the background, doing nightly refreshes when charging, lengthening the expiry time, and the Tor guys I believe want to implement directory differentials too which would also help.

 
My current thinking with Electrum (that ThomasV and I have bounced
around) is to make the default policy DNSCrypt -> fallback to
OpenAlias API pool (which can return DNSSEC data for verification) ->
fallback to default resolver.

That seems reasonable for Electrum. I don't strongly care about these protocols myself (and Justin knows this already), but whatever is decided should give maximum freedom to wallet developers who disagree with you and wish to explore other tradeoffs.