I don't understand how it is possible for that to happen as long as the solver does not disclose the private key. I mean, #64 and #65 both have unknown keys, right?
No, you're wrong. The private keys of #64 and #65 are known:
#64 = F7051F27B09112D4
#65 = 1A838B13505B26867
As soon as someone makes an outgoing transaction of #66 the pubkey will be revealed. With the revealed pubkey it's a matter of seconds to get the private key and then you can replace the still-ongoing unconfirmed transaction and forward the coins of #66 to any other address.