From looking around online, I had seen that using the watchdog aspect of the arduino is not the best idea because with the arduino bootloader it can sometimes get stuck in an infinite reboot sequence which would not be good, as this device will be far far away from any other humans.
That depends on the bootloader. The advice in the Atmel datasheets say the first thing the bootloader should do is disable the watchdog timer to avoid this...
All of the bootloaders that I have looked at in the current source tree CAN clear the configuration and check to see if the reset was due to a WDT, and if so immediately start the sketch.
For example from the source "Arduino / hardware / arduino / bootloaders / atmega / ATmegaBOOT_168.c"
ch = MCUSR;
MCUSR = 0;
WDTCSR |= _BV(WDCE) | _BV(WDE);
WDTCSR = 0;
// Check if the WDT was used to reset, in which case we dont bootload and skip straight to the code. woot.
if (! (ch & _BV(EXTRF))) // if its a not an external reset...
app_start(); // skip bootloader
So if you have this bootloader built with WATCHDOG_MODS defined, then you get deterministic watch-dog behaviour... and the restart-time is faster because the boot loader skips all the hanging around for a sketch download to start.
It does seem like a simple software configuration problem to me:).