Well, SD is probably assuming that money is coming from a wallet that you control--which is not a bad assumption. The alternative would be to require a return address somehow and creation of accounts and that's probably just a lot more trouble than it's worth. But yes, the hard part is proving that the money isn't someone else's. Gox is well within the realm of logic to assume that the BTC that was sent back to you from SD was a deposit to someone else's account.
Right. The point is that Gox did the right thing. You can argue endlessly over whether Bitcoin is broken because it doesn't provide a return mechanism, SD is broken because it acts as if Bitcoin did provide such a mechanism, SD is broken because it didn't provide adequate warnings, the user is at fault because they didn't pay attention to the clear warnings, and so on. But there is no way this is Gox's fault. Either SD didn't provide adequate warnings that they make unusual assumptions or the user didn't pay attention to adequate warnings. Gox's behavior here is completely normal and, most likely, they credited the deposit to another user.
Right, but since all this data is available, they can trace it (remember, in your scenario, that they also have internal ids for transactions and tie them to users, and that is how it is resolvable). Surely they should charge a retrieval fee and return the money.