Good point. The attacker could do that, however  transactions that are older than 1 hour could never be reversed!  And isn't that the whole point of an 51% attack?

The only thing an attacker could do is now

* prevent any transactions from happening
* reverse or double spend transactions that are younger than 1 hour.

which is very expensive and not that dangerous imo.

If a Merchant receives a big transaction he  could just wait 6 confirmations (maybe double check transaction on blockchain.info and blockexplorer.com) and even if the attacker is in full control for the whole time this transaction could not be reversed!