I have a question on how the provably fair system can resist collision scams.

I know this would be extremely difficult in the bitZino case (impossible for all practical purposes as long as the hashing algorithm remains unbroken), because the server secret is a coherent JSON string of cards. However, this could be the case on a cointoss setup where the server secret seed is just a random (or random-looking) string.

A malicious server could select two colliding seeds and show their identical hash. Then, upon receiving the client seed, the server chooses the server seed that yields the most favorable outcome and reveals it to the client, who has no means to know about the existence of the alternate seed. Therefore, the system is not provably fair.
Know collisions exist for the still widely used MD5 algorithm, and theoretical collisions (a significant reduction of the entire search space) are possible for SHA-1.

A possible solution could be that in the first step, the server combines its secret seed with a public nonce and shows the combined hash. This ensures that no collisions are available.

What do you think?