The problem of finding a fork that is stronger than the legit one is well explained by Come-from-Beyond here:
https://nxtforum.org/bitcoin2014-btc-foundation-conference-amsterdam-(may-15-17)/technical-questions-need-answering-from-amsterdam/msg22489/#msg22489Imagine that the adversary have several accounts. He can build different blockchains with different sequences of blocks. Every branch will have different cumulative difficulties. The attack will be successful only if he manages to find a branch with difficulty higher than the difficulty of the legit chain. It's a problem of finding an extremum (optimization). None of the methods (gradient method, etc.) except exhaustive search over all possible combinations could be used for that coz Nxt uses SHA256. So we get classical "find the nonce a-la Bitcoin" game here.
That is for an attacker with less than half the stake. That isn't a 51% attack, that isn't what is being discussed.
An attack with more than 50% of the stake (TF is off)
It's quite expensive to purchase 51% of all forging power. Now with Leasing it's more affordable but max depth of chain reorg is 720 blocks. So a successful attack is possible only after a successful sybil attack (to get control over 51% of active stake). Paranoid merchants should wait for 720 confirmations.
Even the security from 720 confirmations is due to rolling checkpoints which is a centralized protection. Without it, it would be worse. This explanation also ignores what we are talking about when it comes to history attack. If at block x the attacker has 51% of the active stake the attacker can then sell his stake and thus the attacker has no cost, he no longer has any coins but as of block x he did so he can reorg from that point. The attack can be done with no cost or risk based on the fact that in the past the attacker did have sufficient resources to perform the attack.