Indeed, right. Another try:
To consider the system secure, the average number of transactions per second, multiplied by the minimal PoW, must exceed the maximal hash power per second of a probable attacker
This looks good for the edge case of a tangle degenerated to a chain. It should be the same for a tangle with arbitrary topology for transactions that have already been considered confirmed, but intuition says that it's incorrect for transactions that haven't passed their adaptation period (i.e. there are a lot of tips not referencing them) yet.