No, it's not that easy, if transaction flow drops then an adversary can catch up and double-spend. It's a never ending race.
Indeed, right. Another try:
To consider the system secure, the average number of transactions per second, multiplied by the minimal PoW, must exceed the maximal hash power per second of a probable attacker