Regarding your second point: how would a malicious entity differentiate between normal transaction rebroadcasting between nodes and an original transaction being broadcast?