Your reasoning is perfectly valid, with a few buts...
1) He would have to convince "quite a few" users to actually make this successful. If one person is able to do that, we're doomed anyway (same in NXT).
2) It does not work like "power leasing", so the attacker actually needs to generate a block using every key == waste of time and resources, while meanwhile the main chain is going forward...
1) So a successful socio-engineering attack would work. This is bad, because an attacker may place 5 different services on the Internet and target average Joes. It's not the same in Nxt: forged fees don't go to the owner automatically, forcing average Joes to care about the trustworthiness of the server owner.
2) "Waste of time and resources"? I doubt it's that hard to harvest with 1000 accounts at once; PoI has PoS at its core, not PoW.