Bitcoin is a consensus-building network. There cannot be a reliable zero-confirmation system using the Bitcoin network alone, because it can't build consensus that quickly. The whole point of it is that your confidence in the transaction can grow exponentially as a function of work done (#confirmations), but if it has zero work then there is no confidence in it. At the end of the day, it's that simple -- you can't be confident until your transaction is buried in proof-of-work, which means it must have confirmations.
That's not to say that there will never be hope for zero-confirmation transactions: it just means that they will never be (and never were) suitable for zero-trust exchanges without external services. There are some cool things you can do with locktime and alternate sighash codes, but they all build off already-confirmed transactions -- they require seeding a contract with an already-confirmed tx! Third-parties may provide mechanisms to help people transaction instantly, and they may take a fee for it. But you won't get there with the network rules alone.
We need to get away from this wishful thinking that we can somehow adapt this proof-of-work system to work with transactions that have no proof-of-work. There's still use for them, just not zero-trust transactions (i.e. if my coworker sends me money to cover the lunch tab, I can be confident with the zero-conf, because I can go to his cubicle and punch him later if he double spends, etc -- this is not a zero-trust situation.).
Like you say, with the existing rule set zero-conf requires trust. As it stands "commitments not to double spend" can themselves be double spent. So they aren't credible.
An altchain could bend the rules and create a simple fix for this. We need "general purpose seeding contracts". These "seeding contracts" would be deposits supporting zero-conf txns to arbitrary payees. The Buyer is the sole party to a "general purpose seeding contract." Buyers precommit to zero-conf payments long in advance, but designate the payee and the amount at the time of sale. The "general purpose seeding contract" enters the blockchain long before the sale occurs, so it is credible. Payees could safely accept anonymous zero-conf payments issued from such contracts.
How could this work?
Suppose there is a new address type. Inputs originating from this address type obey the following txn rules:
1) 4/5 of inputs must be sent to the signing public key (I.e. you can only transfer 20% of any input to a new public key)
2) txn outputs are never spendable until 10 blocks have passed. Provided 3 does not occur, inputs become spendable after 10 blocks.
3) if the signing public key appears twice within a ten block interval, a contract violation is detected. The miner of the second txn receives 1/5 of the inputs as a txn fee. The other inputs are destroyed (i.e. the payee(s) receive nothing at all).
There are just two possible outcomes.
1) Payee receives their money. Buyer does not lose any money.
2) Payee receives nothing. Miner receives buyers payment. Buyer loses at least 4x the value of the payment.
Rational buyers never chose outcome 2, so payment are assured even with 0 confirms. It seems bad that the payee doesn't get paid in outcome 2, but this is unavoidable. You can never know who the legitimate payee is, so all you can do is take money hostage and destroy it.
[Edit: Thieves could try to spend at 6 or more different zero-conf accepting merchants simultaneously, but I bet this is much too difficult and risky to be practical. If not, you could increase the escrow requirement (e.g. 10-fold instead of 5-fold, so at least 11 simultaneous purchases must occur before theft is profitable).]