The problem with 0-conf attacks is not actually technical. It is logistical and social.
There are 2 general ways to scam in 0-conf purchases:
-
Scenario A: Make few very large ($>10000 otherwise it does not make enough profit) transactions yourself multiple times. Will not succeed, because for larger sums of money everybody will expect at least 1 confirmation
-
Scenario B: Make thousands of small transactions. To do this without triggering Per-IP-Range-Limit defence mechanisms [that will be built], you would have essentially either have to 1) create large fake-IP infrastructure yourself, 2) use a botnet or 3) convince a lot of people to do it via using an “evil wallet”
Each of these options: A, B1, B2, B3 either will be quickly and easily stopped or requires significant infrastructure and work and perhaps the small profits and huge risk simply do not justify such huge amount of initial work and maintenance.