SO - If we imagine that p2pool becomes the de-facto pool. let's say 90% or even 99% of the hashrate comes from p2pool. What happens if ONE miner (entity or a private pool of miners) controls 51% of the hashrate of p2pool ?
Can't he still do his attack then ?
I mean the ROLL-Back attack, where he can create a new valid chain, and catchup then overtake the current chain (making his the longest chain), and remove the spends he wants.. ?
The effect of a mining pool is to consolidate all the hashing power under the pool operator's control, in terms of what transactions and blocks are to be included and considered valid. Miners would prefer to make those decisions themselves, but if you control only 0.0001% of mining power, you'd usually prefer the lower variance of getting a small payout every 30 blocks (by the pool) vs 1 full block every 3 years (mining solo).
P2Pool provides the same variance reduction for miners, without centralizing the decision making process. Someone who has 51% of all hashing power can do what you are speaking of, regardless of whether they are mining solo or in P2Pool. If they mine in a regular pool, they are effectively "handing the keys" to the pool operator. But with 51%+ you have no incentive to use a regular pool or P2Pool.