ok i think you are getting confused..
so pretend it is sunday the 3rd of april. the network is not using segwit.
BUT
on this same day a malicious miner makes a block paying a destination address he owns. dstination/output: 1MaliciouspoolAddress
he makes the block that has the transaction included to pay 1MaliciouspoolAddress
he owns the key for 1MaliciouspoolAddress

BUT is using inputs of funds he does not own. but knowing he is making a segwit transaction he doesnt need to worry about signatures because the old clients will ignore it they wont get to see the witness data so they couldnt even validate the inputs even if they tried. to them its just a funky transaction..

so he is makes the block.. and the network accepts it because although the transaction should be invalid.. the segwit bait and switch allows for transactions in a block to be overlooked.

and so it becomes part of the chain..

then LATER lets call it May 17th and segwit is available.
the block created on april 3rd now has 6336 confirmations with a transaction inside saying that 1MaliciouspoolAddress has coins.

to old clients they are thinking its a funky tx that is unspendable(its not a op_true like you thought but op-0).. but to the segwit clients they can see the 1MaliciouspoolAddress and they see the tx is confirmed with 6336 confirmations.

so a new tx is created in May and signed using the private key of 1MalicouspoolAddress and pushed out to the network.

remember old clients did not orphan the block on the 3rd of april..
remember the next transaction in May is using the output 1MalicouspoolAddress as a new input.. and a valid private key aswell

when segwit is available to all pools. then all the pools instead of ignoring shit, they would see a new transaction waiting to be added to a new block. where there is a signature to a valid publickey input because as i said many times the pool would have put the funds into a key they own. and that new transaction would go into that new block allowing the funds to be moved legitimately..