Edit: similar functionality can be obtained in the current implementation of the longest chain rule, by waiting for 100 or so confirmations before accepting a payment as final (to extend out the duration cost for the extended time attacker has to keep his chain secret so your payment isn't orphaned by the attacker's chain). Thus unlinkable coins could still defeat ephemeral 50+% double-spending attacks, but with very slow payments.
Note the above is FUD in sense that I have not really formalized and verified merging instead of forking the block chain. I might still discover that merging is infeasible. But this is something to keep on your distant radar.
That is the qualitative difference I was arguing with smooth upthread.
The point is that between 25% and 50% of the network hashrate, the attacker can in theory win with selfish mining (and probably ramp up to 50% with it) and this is due to the fact that the chain is forked and not merged (I have a formal math proof of this). Also above 50%, the attacker gets winner-takes-all with short-term rented hardware, because the chain is forked and not merged.
I don't think gmaxell really understood me, yet I am not sure if I really understood all the variables yet. So this is a work in progress subject to failure.
The following also applies:
https://blog.ethereum.org/2014/07/11/toward-a-12-second-block-time/
I reloaded all those variables in my mind and worked through it finally. I confirm gmaxell is incorrect (but without peer review so caveat emptor). I can see now possibly a deeper reason why he thought I was incorrect, but afaics he apparently didn't see why that reason is irrelevant because it is sort of non-intuitive or not obvious. I'd rather not share my finding at this time, as I think it is very valuable. Appears to me Ethereum's proposal is not optimum.