Best is probably a better term than "legit" it is possible the best chain is the one created by an attacker (in both PoS & PoW) however the consensus system is limited to picking the best chain. The chain built from the genesis block which is the longest is the best chain. Any new node is relying on an assumption that other nodes are using the same selection criteria. If all nodes are using the same selection criteria (and it is deterministic and uniform across all nodes) they will all end up selecting the same chain as the "best" one.
How does a node verify the genesis block?
Is that not exactly the same as verifying an arbitrary block?
If it can be done once it can be done again. An attacker would be foolish to limit it to a single attack. If any tx could be reversed with 719 or less confirmations then the attacker has done a good job in destroying the utility of the coin. The ability to fork offline clients is just an added bonus to add to the chaos.
One question still bothers me:
Why should nodes discard blocks (and therefore invalides many transactions?)? Especially those nodes running by merchants that can cross-check if their due transactions are on the blockchain already.
Would it not be more intelligent to distribute the raw transactions as broad as possible? All this assumes an extremely well developed network controlled by the attacker, right?
And if so, why would this
extremely well developed network controlled by the attacker be unable to send the new blockchain in time to the merchant's node? Would this not raise awareness on the side of the merchant?