Even sending few thousands coins to /dev/null may be a fun for some people.

However I think I found some workaround for this. Device can enforce the rule, that change address (that address used in transaction output, but going back to the same wallet) can be just few indexes in every direction far away from some already used address (confirmed by SPV validation). By enforcing this rule, the space is drastically reduced and clients can make lookups for such change addresses, so the chance to lost coins by such attack is minimal.