From the DocuSign "API Requirements Information":

[Y]our API certification review involves verifying that you do not exceed 1 status request per unique envelope per 15 minutes for polling compliance for the following methods: ...

REST API: GET /accounts/{accountId}/envelopes

How stringent are these requirements? If 99% of my users will only make 1 status request, but a few (who sign up around midnight) will make 2 requests in close proximity to each other, will my API access be revoked? How risky is this?

The guidelines mean that you should not allow end users to continously click through to docusign to fetch latest status.

As Jeff says in the comments, you should use the Connect api, or per-envelope callback, or cache the status responses, making an actual request to docusign no more than once every 15 minutes per envelope.

Maximum polling frequency and status architecture is one of the key issues that the certification process seeks to investigate.

You could also disable your "status" button for 15 minutes after a request. But that wouldn't be a good ux. Better to effectively disable it via a 15 minute cache. - - like the close button on elevators.

Added

The per-envelope callback parameter is eventNotification.