1:
In truth, I highly doubt it. All servers are DDoS prone. The reason this does not happen is because the number of computers that make requests should probably be more than the number of servers that they have. Google has thousands of servers and receives enough requests per second to display several small sites. In truth, a large team (and not 10-20, more than hundreds of thousands) will be needed, working together while simultaneously attacking. I am sure that now hundreds of people use their DDoS attacks to no avail. DDoS, keep in mind, is not illegal *.
2:
It is possible, more likely, that they do not want to waste bandwidth. With hundreds of users signing up for (usually free) accounts, they donβt need people downloading gigabytes of data for a subsequent request. Another reason is that they do not need gigabytes of "dead" data (data that is no longer used) on all servers.
* Based on the Computer Abuse Act, if you have not caused damage in the amount of more than $ 5,000 or DDoS to a hospital / government agency, this is legal.
http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criminal_offenses_under_the_Act