You are correct, this is a theoretical attack.

Ignoring the probability or computational power behind this attack, lets assume it could be done.

Given that it could be done, if you could generate an address which collided with someone else's address you could spend any Bitcoin they had received at that address.

However, considering the address space involved here, the practicality of finding a collision is astronomical. You could spend the rest of your life generating wallet IDs on as many computers as you could find, and you'd almost 99.999% be guaranteed to never find a single collision.