So is there actually no one on these forums that can and is willing to explain in great detail how to go about one of these attacks?
Even if his intentions were not sincere, security through obscurity is a terrible, terrible practice. Despicable.
Without having access to the source for mybitcoin it's impossible to know what mistakes they made. They've admitted only that they were not waiting for the required number of confirmations before crediting account balance. There are also rumours that they were not even waiting for the transactions to appear in a block at all and merely marking them confirmed when they saw a new block, but I can't honestly believe anyone would code anything that bad.
If you don't like 'security through obscurity' - I recommend you start using one of the open source exchanges based on intersango, e.g.
https://intersango.us/ rather than mtgox...
Will
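
The difference between the rumoured behaviour described above and a per-transaction confirmation check, as an added example that is not part of the thread and is not mybitcoin's or intersango's code. The `Deposit` type, the function names, the threshold of 6 and the sample chain are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

REQUIRED_CONFIRMATIONS = 6  # assumed policy value, not taken from the thread


@dataclass
class Deposit:
    txid: str
    amount: int                       # satoshis
    block_hash: Optional[str] = None  # None while the tx is only in the mempool
    credited: bool = False


def confirmations(dep, best_chain):
    """Depth of the deposit's block in the current best chain, 0 if absent.

    best_chain is the list of block hashes on the active chain, genesis first.
    """
    if dep.block_hash is None or dep.block_hash not in best_chain:
        return 0                      # unconfirmed, or its block was reorged out
    return len(best_chain) - best_chain.index(dep.block_hash)


def naive_on_new_block(deposits):
    """The rumoured flaw: any new block marks every pending deposit confirmed."""
    for dep in deposits:
        dep.credited = True


def safe_on_new_block(deposits, best_chain):
    """Recompute on every block, so a reorg also clears a stale credit flag."""
    for dep in deposits:
        dep.credited = confirmations(dep, best_chain) >= REQUIRED_CONFIRMATIONS


def demo():
    chain = [f"block{i}" for i in range(10)]          # constructed sample chain
    deposits = [
        Deposit("tx-mempool", 5_000),                  # never mined
        Deposit("tx-shallow", 5_000, "block8"),        # 2 confirmations
        Deposit("tx-deep", 5_000, "block3"),           # 7 confirmations
        Deposit("tx-orphaned", 5_000, "stale-block"),  # block not on best chain
    ]
    safe_on_new_block(deposits, chain)
    safe = {d.txid: d.credited for d in deposits}
    naive_on_new_block(deposits)
    naive = {d.txid: d.credited for d in deposits}
    return safe, naive
```

Calling `demo()` returns both result maps: the per-transaction check credits only the deposit buried under enough blocks, while the naive handler credits all four, including the one that never left the mempool.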