Why without relying on snapshots? Local, automated snapshots will reduce the size of the databases in the future. The database is likely shared on swarmnodes.
If you want to attack the tangle you have to overcome the network bound PoW CFB is working on.
Even now, while the normal PoW prevents people from spamming, you can expect expensive bills if you want to spam the Tangle for longer.
Also, the attacks will be alleviated and distributed because the Tangle is designed for a meshnet, with countless connections in the network. If you attack one connection, the stream of data and tokens can flow over another one. The attack gets reduced like small waves on a watersurface when a drop hits it.
The mutual tethering on top of that means also, that you have no access to the inner mainchain if you are freshly connected.
You cannot become an omnipresence. You would need to know all neighbors of all fullnodes (or 34%) which is already today impossible.
Keep in mind that even today, lots of spammers are active for research or to boost the CTPS.
The zero-value transactions then, are simply deleted(or pruned) so that the ledger gets “tighter” again. In the fuure, this will be an automated process, as mentioned.
A spamming attack therefore doesn’t slow the whole network down, is expensive and inefficient.
What’s the point in performing such an attack?
Also, concerning the COO. It will be gradually removed, when the needed hashpower is there. Then, we see the monte carlo random walk algorithm as tip selection algorithm. The cumulative weight of the mainchain and already referenced transaction will ensure that no parasitic chain will take over.
But that isn’t possible anyway. Doublespending is virtually impossible.