Almost no service in a systemd install actually causes the boot to fail. Basically only file system mounts can do that, and very little else.
But in general this discussion is really pointless. If you write a syscall filter list, an SELinux policy, a capabilities list, or an apparmor policy: they all have in common that you need a good idea what a specific program is allowed to do and what not. So syscall filter lists have the same "problem" as any other security technology, there is nothing new in this.
Note however that of all these techs listed above writing a syscall filter list is probably by far the easiest though since most admins probably played around with the tool for that at least once in their life: strace.