I haven't read this entire thread yet, but is this true? The TX ID can be modified and re-broadcast to effectively double-spend?
It's not true. Both versions of the transaction will have the same inputs, outputs and amounts; they are two different ways of expressing the same transaction, and only one will be accepted by the network, so there is no double-spend. No-one should care which version of the transaction gets accepted. (MtGox did care, and that's their mistake.)
I think my point was that there is not real utility in allowing a TX ID to be modified. I'd be open to hearing what I might be overlooking but at face value it seems like a very poor decision in design.