Who decides what a vulnerable coin is?
This would be easy in my opinion. Vulnerable coins are all those where the public key has been published: P2PK and re-used addresses. I would however limit the "burning" strictly to P2PK scripts. Re-used addresses are extremely common and it would take a lot of block space to move them, in most cases I think also the incentive to attack them is low. But in the case of P2PK, there are millions of coins affected.
IMO the idea of "burning" (some people call it "freezing") is less worse than idea of redistribute Bitcoin from all vulnerable address, which also bring debate on how to perform the redistribution.
For re-distribution, there would be a quite easy and uncontroversial method: adding the coins to the future mining rewards to make the halving curve a bit smoother. IMO if this is an option the rewards should be moved into the far future, for example when the regular reward has fallen below 0.1 BTC or so.