Perhaps your most important statement is that Difficulty != Security, which is true. Security derives from the cost of mounting an attack. If all miners today used FPGA boards and were much more efficient per Gh/s, then difficulty would be much higher... but if these FPGA boards are just as cheap as the GPUs which preceded them, then the cost of the attack hasn't increased and thus the higher difficulty is irrelevant.
This is completely banal. It's all about invariants. If the type and technology level of the hardware used is invariant, then the "difficulty" number very strongly correlates with security. If not, then of course the difficulty correlates more than anything with the hardware technology.
For discussing the issues in the OP, it is perfectly acceptable to assume the hardware technology (as well as the value of the Bitcoin system) is invariant, so "hashrate" is interchangeable with security. The OP's main point (which I don't really agree with) is that it is not the continuous hashrate that matters, but the reserve hashrate.