That's true, but buying that much hashpower would require a non-trivial investment. Not only that, but it would be very difficult, if not impossible, to acquire that much hardware due to manufacturing time and relatively small product pipelines. Such an accumulation of hashpower would have to happen in secret, which is also unlikely, because if it became known, the network could easily embrace a hardfork to change the PoW algo.
I guess the point is that theoretically PoW could be attacked, but it would be vastly less expensive to attack PoS. In fact, the greater the attacker's credibility, the cheaper the attack would be.
Sure, but its the same with PoS, the higher the price, the more non-trivial the investment to ruin the coin. The price of PoS coins is the equivalent of PoW difficulty, so the same is true for low-difficulty PoW coins. Practically that means for high PoW coins and high PoS coins that PoW are harder to destroy because of the middle step of acquiring the hardware while in PoS you just buy the coins. Secure PoW needs decentralized hardware, while PoS needs decentralized distribution, both are theoretically insecure and both are practically secure except for low difficulty (or price) coins.
Actually that's not true at all--and that's the entire point. If the attacker is credible enough (i.e. he is likely to spend as much money as necessary to succeed), people will be willing to sell to him for a fraction of the value of the coin