You can also have more precise time stamps with the Roughtime protocol [1] (Peter Todd has talked about this [2]), although it is easier for the servers in the Roughtime protocol to cooperate and forge time stamps than in Bitcoin.
Another way to prevent "double spending"/attacks like these, you can burn Bitcoin with each publishing of the hash, ensuring that it is at least costly for an attacker to preemptively timestamp all of the probability space.
Another way to prevent "double spending"/attacks like these, you can burn Bitcoin with each publishing of the hash, ensuring that it is at least costly for an attacker to preemptively timestamp all of the probability space.
Your security analysis looks correct to me.
[1]: https://roughtime.googlesource.com/roughtime
[2]: https://groups.google.com/a/chromium.org/d/msg/proto-roughti...