So a proof-of-work is already secure enough to secure against internaly motivated double spends, why would an external 51% attack completely dis-credit it?
Because the mechanism against external attacks as you call them also works as a defense against internal attacks. Proof-of-work would be costly and redundant (read uselss).
Useless and costly -> completely discredited