Sure they can attempt to "double spend" and be guaranteed to succeed with a certain probability, but this just means they tricked someone into thinking--for only a very short amount of time--that they were paid when in fact they weren't. When the double spend is complete, everyone will see that the coins were only ever "really spent" once.
So, it's my understanding that GHash recently mined 6 blocks in a row, with 25% of the network hashing power according to blockchain.info. Let's assume they collude with another similarly-sized pool and mine 12 blocks in a row (not unreasonable or particularly unlikely).
With an average time of 10 mins per block, that's 2 hours. I agree - not a LONG time in day-to-day life, but certainly a long time in the digital world. How much time (or how many confirmations) are most reasonable people waiting for these days? A few? Maybe 8 or 10 confirmations for something of high value?
Now, think of all the coins an attacker may have in reserve, and realize that they could easily all be double-spent in that somewhat short time period in transactions where people are being reasonably careful (waiting for several confirmations)... And unlike many other types of fraud, no one can simply reach in the attacker's bank account and seize/recover those funds. Bitcoin merchants & service providers will lose money, and they'll have little recourse.
Let's try some cost/benefit analysis: assuming 12 blocks of double-spend time... (we'll ignore the costs associated with operating the pool's mining resources as the cost will be the same in either scenario)
Opportunity cost to the pool: none if only the double-spend transactions are somehow reversed because you'll still get the block reward for those blocks. Otherwise, if those blocks are completely discarded by the network, then your opportunity cost is 12 * 50 BTC = 600 BTC (plus transaction fees).
Benefit to the pool operator(s) in attack scenario: The value of all coins in possession of the pool operator. Even after the attack is discovered and the double-spends are corrected on the network, you have whatever you spent your coins on + your original coins.
Risk: possible devaluation of Bitcoin if enough people become concerned with what you just did. But let's be honest - no one's going to care about a few double-spends, right?
I'm not talking about going out and "buying some weed" or having a crazy night on the town. There are plenty of businesses now (brick-and-mortar as well as online services and marketplaces) where people are willing to sell high-value items (e.g., exotic cars) for Bitcoin. Heck, many online exchanges only require 8 or 10 confirmations before funds can be traded. In that time, you could literally crash the market with your double-spent funds. Then just as people figure out what you've done, you buy back in as the market is recovering. Your double-spends are corrected by the network, but guess what - you still have all of your original coins + whatever you made while manipulating the market. As long as that's greater than the opportunity cost (accounting for the level of risk you feel it poses to Bitcoin's long-term value), then it makes economic sense to perform the attack.
Or maybe I'm missing something that prevents all of this... if so, please tell me.
But again, the debate really shouldn't even be about the profitability of the attack. It's about looking for real solutions to real problems (which can and will affect the future of Bitcoin), instead of dismissing them as being "unlikely" because "no one would ever want to."