After benchmarking, the Arch Linux devs have found no significant perf cost in security hardening CFLAGS! https://lists.archlinux.org/pipermail/arch-dev-public/2016-October/028405.html (PIE etc)