The channel partner has a key, and in theory he could cooperate with the sender of the funding transaction. So what I meant was that the sender could send the money to the multisig address using another funding transaction which competes with the "legit" transaction which uses your input. We would arrive then at the same problem you described: the txid would have changed, invalidating the commitment transactions.
Afaik this has the ability to lock funds in some sort of stalemate if you're saying someone double spends the input transaction so the CT becomes invalid itself. Double spending the same funds between two different channels I think wouldn't be possible as the old CT is either already invalid or set to be when the new one is produced - so you'd have to present your new balance as being whatever the last CT said it was.
Also, I think it's generally recommended to leave a wallet open as the CT confirms as I think if you send via mainnet to a CT and something changes while it's unconfirmed - wallets might be coded to. Double spend and return the funds back to you although at the moment only one person funds a ct so I assume the other can't provide funds without both sides agreeing.