At the extreme a small DHT can be thought of as a list of relays but worse because you allow anyone to join that list dynamically and without permission. So all it takes to disrupt that list is to: 
1. create many more sybil nodes than honest ones 
2. spam/DDoS the honest nodes to make them less responsive

and probably an attacker will try both for maximum effect.

a small DHT has less capacity than a large one all things being equal, the effect of churn is much more disruptive, but more importantly much more vulnerable.

You say a DHT of Nostr clients, but that needs using upnp or asking users to manually open ports, other wise clients are useless and only dedicated servers can count. Bittorrent provides a robust and proven supply of nodes willing to do that, because it had it is product market fit and there is no sign of that fading away.

If you think the risk of hardcoded relays not being enough (relays get abandoned, or overwhelmed, or censored) is low, then you should favor that over a small DHT. 

 a large DHT without eclipse attack protection can be worse than a smaller DHT with eclipse atrqck protection.
Wthout an attacker can occupy a specific area of the DHT with relatively few sock puppet nodes. With the protection the cant attack specific areas and need to just spam the entire DHT nodes to eventually attack the DHT keys they are interested in.

Also, if every DHT node supported holepunching and assisted new nodes with holepunching as well, things become a lot more useful.

The sybill attack mitigation and the assisted distributed holepunching is both supported by hyperdht which the pear and bare runtime use.

Would be cool to bundle it with a nostr node.

If all nostr nodes supported it, it would improve the resistance against the sybil attacks by an order of magnitude more than with other DHTs like bittorrent mainline