Board: Altcoin Discussion
Re: Proof of stake instead of proof of work
by DeathAndTaxes on 16/05/2014, 16:28:53 UTC
Quote
Wow, thanks DaT, for getting me all paranoid.  I guess this is avoided in PoW by difficulty weighting.  In other words, if I say "here, take a look at my big chain of 400,000 blocks, also starting from the same satoshi genesis, that I produced in 1 hour by falsifying timestamps; this is longer than the current chain, use me!", a node would say: "yeah, great, but the difficulty was 0.001 the whole time; that is not really a longer chain than our current BTC chain."  At least, I sure hope that's in the code.

It is.  The phrase "longest chain" is just used because "chain with the largest sum of the difficulty of the blocks in the chain, selected among all valid chains" becomes a lot to write.  It is trivial for nodes to make this selection because difficulty is encoded in the block header and validated at the time the block header is validated.  Nodes simply sum the difficulty of the blocks in the chain and compare it to other chains to pick the "longest".

As a side note, the network also enforces the difficulty change rules.  Difficulty can't be less than 1 and is recomputed every 2016 blocks.  A block with invalid difficulty is invalid.  The timestamp of the genesis block is hardcoded in clients.  To keep the difficulty at 1 would require that the time between blocks remain 10 minutes.  While an attacker can fake timestamps, he can't use an incorrect difficulty.  So to have a chain of 300,000 blocks @ difficulty 1 would require 3,000,000 minutes since the genesis block.  That would put block 300,000 about 6 months into the future.  As a secondary check, any block more than 3 hours from the network median time is rejected, so making a valid chain which has a valid timestamp for block 300,000 would require a difficulty higher than 1.

Quote
Unfortunately stake difficulty doesn't represent real work so it can always be faked in a reorg going back to some substantial early stake as you point out to us.

Exactly.  The only "solution" is absolute centralized checkpoints which prevent reorgs prior to the checkpoint.  PoS proponents often bring up that Bitcoin uses checkpoints; however, they are not necessary to enforce the security of the blockchain.  Case in point: the oldest checkpoint is more than 5 months old, and a 5 month reorg would destroy Bitcoin.  Checkpoints are used by Bitcoin to prevent an attacker from wasting the resources of bootstrapping nodes as a DOS attack by feeding them spoofed chains.  There is no requirement that they be centralized.  Different clients could use different checkpoints at different block heights and it would work just as well.
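As an added illustration of the two points made above (the "longest" chain is the one with the most summed difficulty, and faked timestamps cannot hold a long chain at difficulty 1 without pushing its blocks into the future), here is example Python written for this thread; it is not code from Bitcoin Core or from the poster. The compact-target expansion, the difficulty-1 target 0x1d00ffff, and the 2016-block retarget with its factor-of-4 clamp follow Bitcoin's real rules; the 3-hour future tolerance is the post's own figure; `GENESIS_TIME` is the Bitcoin genesis block timestamp; the header lists, heights, and the "network time" used in the demo are constructed values.

```python
"""Chain selection by summed work, plus the header sanity rules the post
describes (difficulty floor, retarget, future-timestamp limit).
Illustrative code written for this thread, not Bitcoin Core."""
from dataclasses import dataclass
from typing import List, Tuple

# Difficulty-1 target: the compact value 0x1d00ffff expanded to 256 bits.
# No valid header may carry an easier (numerically larger) target than this.
MAX_TARGET = 0xFFFF * 2 ** 208
RETARGET_INTERVAL = 2016        # blocks between difficulty recomputations
TARGET_SPACING = 600            # seconds: the 10-minute block interval
MAX_FUTURE_DRIFT = 3 * 3600     # seconds: the post's "3 hours" tolerance (assumed)
GENESIS_TIME = 1231006505       # Bitcoin genesis block timestamp, hardcoded in clients


@dataclass
class Header:
    height: int
    timestamp: int   # seconds since epoch, as claimed by whoever built the block
    nbits: int       # compact target; it is in the header, so every node checks it


def bits_to_target(nbits: int) -> int:
    """Expand the compact 'bits' field to a 256-bit target integer."""
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def difficulty(nbits: int) -> int:
    """Integer difficulty: how many times harder than the difficulty-1 target."""
    return MAX_TARGET // bits_to_target(nbits)


def block_work(nbits: int) -> int:
    """Expected hashes needed to meet the target; proportional to difficulty."""
    return 2 ** 256 // (bits_to_target(nbits) + 1)


def chain_work(chain: List[Header]) -> int:
    return sum(block_work(h.nbits) for h in chain)


def select_chain(candidates: List[List[Header]]) -> List[Header]:
    """The 'longest' chain is the one with the most summed work, not the most
    blocks: a long run of difficulty-1 blocks loses to a short run of hard ones."""
    return max(candidates, key=chain_work)


def retarget(prev_target: int, actual_timespan: int) -> int:
    """Difficulty recomputation every RETARGET_INTERVAL blocks. Compressed
    timestamps shrink the target (raise difficulty); the adjustment is clamped
    to a factor of 4 per period and the target can never exceed MAX_TARGET."""
    expected = RETARGET_INTERVAL * TARGET_SPACING
    clamped = min(max(actual_timespan, expected // 4), expected * 4)
    return min(prev_target * clamped // expected, MAX_TARGET)


def min_timestamp_at_difficulty_one(height: int) -> int:
    """The post's arithmetic: holding difficulty at 1 needs about 10 minutes
    per block, so block `height` cannot claim a time earlier than this."""
    return GENESIS_TIME + height * TARGET_SPACING


def validate_header(h: Header, network_time: int) -> Tuple[bool, str]:
    """Two of the checks a node applies to every header it receives."""
    if bits_to_target(h.nbits) > MAX_TARGET:
        return False, "difficulty below 1"
    if h.timestamp > network_time + MAX_FUTURE_DRIFT:
        return False, "timestamp too far in the future"
    return True, "ok"


if __name__ == "__main__":
    # Constructed scenario: a short honest chain at difficulty 8 versus a
    # longer forged chain that stayed at difficulty 1 with faked timestamps.
    honest = [Header(i, GENESIS_TIME + i * 600, 0x1c1fffe0) for i in range(5)]
    forged = [Header(i, GENESIS_TIME + i * 10, 0x1d00ffff) for i in range(30)]
    best = select_chain([honest, forged])
    print("blocks:", len(honest), "vs", len(forged),
          "-> chose", "honest" if best is honest else "forged")

    # Constructed network time: the post's date, 16 May 2014 UTC.
    now = 1400257733
    fake_300k = Header(300000, min_timestamp_at_difficulty_one(300000), 0x1d00ffff)
    print("block 300,000 at difficulty 1:", validate_header(fake_300k, now))
```

`0x1c1fffe0` is exactly one eighth of the difficulty-1 target, so the five honest blocks carry roughly 40 units of work against the forged chain's 30 despite having a sixth as many blocks. The retarget function shows the other half of the post's argument: compressing a 2016-block window into an hour quadruples the difficulty at the next recomputation, so an attacker who fakes short intervals cannot keep the chain at difficulty 1, and an attacker who keeps the intervals at 10 minutes lands block 300,000 past the future-drift limit.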