It's late at night; my mind is wandering; I had this thought (I'm sure the point has been raised before, but oh well):
We're all familiar with the vulnerability posed by an entity with 51% of the total CPU power: potentially reversing transactions.
But this kind of attack requires sophistication and, well, 51% of the total network hash rate:
http://bitcoin.sipa.be/.
As many have pointed out, botnets are presumably made up of a bunch of low-CPU-power machines (servers in closets), making the threat of the aforementioned attack unlikely.
However, these low-CPU-powered machines would be capable of spamming small transactions (.00001 BTC) to each other, right? Even if future clients are written to enforce transaction fees, couldn't a botnet use a forked client?
I believe the result of such an attack would be massively delayed transaction validations.
I'm sorry if I'm totally off base with these assumptions, and I don't mean to fear-monger. I thought this was a valid concern.