To your first point, the problem is that if Bitcoin somehow recovers after an attack, the steal itself would then be valuable for the attackers. In fact, they could in theory steal so much bitcoin as to pay for the whole thing. And even if they only manage to steal slightly less, they now have the CapEx for future attacks. So they could just keep coming back for seconds!
Implying the attacker would get to keep the coins. Depending on the duration of the attack, reorgs after the fact are still in the realm of possibility. If the attack continues for so long as to make a reorg infeasible... congrats, you've just become a Bitcoin miner. You won't get to do another double spend though, because for that you'd have to divert hashing power, loosening your grip on the network.
Also keep in mind that double spends are easily detectable. It's highly unlikely you'd get to cash out any reasonable amount of double spent coins, especially with everyone being on high alert. The only "steal" an attacker could hope for is that the mining rewards they received aren't nullified by aforementioned reorg.
Yes, you are talking about the potential that the
actual honest miners will make a (temporary) soft fork on order to make the original chain overtake the "attack chain" once again, right? That's a very valid point; it could certainly happen.
But this effectively still requires a rethinking of the Bitcoin protocol, namely if the defense against a Goldfinger attack is to always soft-fork back to the original chain. And then one in theory has to determine exactly what reorgs constitute an attack, and what reorgs are just normal activity on the blockchain. Otherwise the community might disagree on a particular decision, which could thus cause a hard fork.
If Bitcoin defines a specific threshold for what is an attack and what is just a normal reorg, however, then this opens up for the possibility that the 51%-attackers can target this exact threshold in order to cause disagreement on whether a certain chain is invalid or not.
The only way they can resolve this will then be by implementing a protocol for voting on which is the valid chain. They can't use PoW to distribute this vote, however, since the attackers might control the majority. So if they want it to remain decentralized, they have to opt for something like PoS instead.
So it seems that this line of thinking will eventually lead back to the question of this topic as well: Should Bitcoin adopt PoS in some capacity in order to mitigate this attack vector?