
I'm not familiar with the security research community, is it common for papers to be rejected for the reasons you listed?


It hasn't been common in the program committees I've served on, and I think that's mainly a function of people generally knowing what the expectations are. I've had my own papers get review comments like "good work, but we need you to include justification for why your approach isn't illegal under the CFAA." Authors (myself included) are generally very receptive to that kind of feedback because it helps keep us out of trouble down the road.

Here's an example of a disclaimer that shows the authors were acting in good faith (not mine):

>As performing a security analysis against a running election server would raise a number of unacceptable legal and ethical concerns, we instead chose to perform all of our analyses in a "cleanroom" environment, connecting only to our own servers. Special care was taken to ensure that our static and dynamic analysis techniques could never interfere with Voatz or any related services, and we went through great effort so that nothing was intentionally transmitted to Voatz’s servers.

https://www.usenix.org/system/files/sec20-specter.pdf



