I believe transactions-as-proof-of-stake (the heaviest subtree model) is probably the best alternative to proof-of-work - and it isn't all that good.
Agreed. One issue is that it makes risk analysis difficult. This means the simplicity of wait for x confirmations and you are safe (unless attacker has a majority of the hashrate) no longer applies.
I don't know if I have missed some discussion that would have changed the understanding I formed, but I
pointed out egregious flaws in the original proposal for Transactions as a Proof-of-stake.
The fundamental math problem with using any metric from the block chain (or any consensus voting such as proof-of-stake) is that the input entropy can be gamed deterministically unlike proof-of-work which is a randomized process, i.e. the input entropy is not orthogonally unbounded as it is in the randomization of proof-of-work.