I heard that there is an article that solves your “second vulnerability”:
Since the early days of IOTA, some questions were raised about the
fact that the default tip-selection algorithm is…blog.iota.org
And I also read this:
“attacking the network at a low transaction point” - this should not be an issue if the “low” point is still really high — i.e. the network achieves really high scale. It’s not a real vulnerability now because of the coordinator until the network reaches a good scale.
What is your take?