Is there a mechanism that assures that when I cancel the timed transaction, and the merchant has stored it and retransmits it, it's still cancelled?
The way you cancel it is by sending a locked transaction using the same coins. Then your other transaction becomes invalid.
If the merchant is malicious, you would want to cancel the transaction a few days before it becomes locked. Otherwise they have a chance of getting their version in a block before your version.