It's late at night; my mind is wondering; I had this thought (I'm sure the point has been raised before, but oh well):

We're all familiar with the vulnerability posed by an entity with 51% of the total cpu power: potentially reversing transactions.

But this kind of attack requires sophistication and, well, 51% of the total network hash rate: http://bitcoin.sipa.be/.

As many have pointed out, botnets are presumably made up of a bunch of low-cpu-power machines (servers in closets), making the threat of the aforementioned attack unlikely.

However, these low-cpu-powered machines would be capable of spamming small transactions (.00001 btc's) to each other, right?  Even if future clients are written to enforce transaction fees, couldn't a botnet use a forked client?

I believe the result of such an attack would be massively delayed transaction validations.

I'm sorry if I'm totally off base with these assumptions, and I don't mean to fear-monger.  I thought this was a valid concern.