If clients are relying on your service attackers would only need to disrupt it (though finger nail pulling or large bank accounts in the Caymans) for seconds.
I don't know what you & Casascius have in your minds exactly, but my understanding of the "checkpoint services" would be that they will provide ratings for each block: AAA, AA, A and so on. The big exchange like MtGox would run its own pool and its own block rating service. Then instead of the fixed "6 confirmations" to consider the transaction valid people would agree to make the conditions more involved, eg: transaction is valid when MtGox rates the block containing it at least A and Casascius at least AA and slush|TradeHill-conglomerated at least AAA. There wouldn't be a single point to attack. The attacks would result mostly in delays of the settlement.
Not sure I like the idea of Mt. Gox consolidating even more power. A pool as in mining pool? Possibly one of the largest mining pools someday. The single company running largest exchange, largest pool, largest rating service? Kinda flies in the eye of decentralized.
Still that wasn't the impression I got at all. What you be the metric for AAA vs AA vs A? You do understand that waiting is no protecting from a 51% attack right? The attack chain would be built in secret. It wouldn't be released until it is longer than the valid change. So a block rated quadruple AAAA would instantly be erased without warning by a longer chain and the transaction replaced.