As far as the rest, the blockchain stops all that already; this is only a problem for exchanges that process withdrawals before confirmation, which you would think would be none of them.
No, the malleability attack has exposed a more general problem that can affect the reliability of zero-confirmation transactions between honest participants:
When the network is under malleability attack, zero-confirm transactions built from unconfirmed change outputs are not reliable.
Under certain conditions, it would be possible to pay for coffee with bitcoin, have the BitPay receipt say "paid", and later find out that the transaction was voided due to a malleability attack on the parent transaction [even when both customer and merchant are honest and do everything right].
I think the work-around (while we wait for a true fix to end malleability) will be for the wallets to disallow transactions built from unconfirmed change outputs, and for better in-wallet coin management to ensure a sufficient reserve of confirmed outputs to spend.
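The failure mode and work-around described in the post above, as an added example that is not part of the original thread: a toy model in which the transaction ID covers the signature bytes (as pre-SegWit Bitcoin txids do), so a re-encoded parent gets a new ID and orphans a child that spent its unconfirmed change. The names `toy_txid`, `Utxo`, `select_coins` and `child_survives`, the serialization, and all values are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def toy_txid(inputs, outputs, sig):
    # Pre-SegWit txids hash the whole transaction, signature bytes included.
    # repr() is a toy serialization (assumption), not Bitcoin's wire format.
    data = repr((inputs, outputs)).encode() + sig
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Utxo:
    txid: str
    index: int
    value: int
    confirmations: int

def select_coins(utxos, amount, min_conf=1):
    """Spend only outputs with >= min_conf confirmations; refuse otherwise."""
    confirmed = [u for u in utxos if u.confirmations >= min_conf]
    picked, total = [], 0
    for u in sorted(confirmed, key=lambda u: -u.value):
        picked.append(u)
        total += u.value
        if total >= amount:
            return picked
    raise ValueError("insufficient confirmed funds; wait for confirmation")

def child_survives(child_inputs, mined_txids):
    """A child stays valid only if every parent txid it references was mined."""
    return all(txid in mined_txids for txid, _ in child_inputs)

def demo():
    parent_in = [("aa" * 32, 0)]                      # constructed outpoint
    parent_out = [("merchant", 70), ("change", 30)]
    sig = b"constructed-signature"
    broadcast_id = toy_txid(parent_in, parent_out, sig)
    # Stand-in for a third party's equivalent re-encoding of the same signature.
    mined_id = toy_txid(parent_in, parent_out, b"\x00" + sig)
    wallet = [Utxo(broadcast_id, 1, 30, 0), Utxo("bb" * 32, 0, 50, 6)]
    naive_child = [(wallet[0].txid, wallet[0].index)]  # spends unconfirmed change
    safe_child = [(u.txid, u.index) for u in select_coins(wallet, 20)]
    mined = {mined_id, "bb" * 32}
    return (broadcast_id != mined_id,
            child_survives(naive_child, mined),
            child_survives(safe_child, mined))
```

`demo()` returns whether the parent's ID changed, whether the child spending unconfirmed change is still valid, and whether the child built only from confirmed outputs is still valid.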