There are no "not-legitimate" transactions. Just ones that end up in the chain and ones that don't.
Yes, there is. The tx which was broadcast first is legitimate and any other transaction that is broadcast later is non-legitimate.
If a user is concerned that they might be dealing with someone who would try to back out of paying, then they should use Bitcoin's built-in solution: wait for confirmations.
There are use cases where you don't want to wait for confirmations.