And no matter how small/large the hashpower of the miner network is, even if they all collude they won't be able to touch funds from a public address whose private key they don't know.
This used to be true. It is no longer true for segwit transactions. Any segwit transaction in a block that gets rolled back, should the miners agree to do so, becomes an anyonecanspend tx. Which would likely be claimed by whichever miner mines it back into a block.