I used to believe that it is protected by the public-private key cryptography, e.g. without the signature generated from private key, the coin at certain address can not be spent
But now I realized that this really depends on the client running on the nodes
If a group of nodes are running a new version which does not need the signature to spend coins, then that version can spend anyone's coin without their signature (The new version can use a new signature scheme to protect their new address). Of course this transaction would not be known to the old client since that is not part of the old protocol, so in the old client coins are still there but in the new client the coins have already been spent. After the old client upgraded to new, the coins are gone
And there is really motivation in doing this: Since by the time when over 99% of the client is running new software, the old client essentially becomes minority thus have to upgrade to the new version because almost no node is using the old version anymore. So, by successfully rolling out a new version you can steal other's coins, especially Satoshi's 1 million coins, doesn't that sounds like a good idea?
I'm not talking about developer's ethics here, it is just a technical possibility that will attract lots of criminals, and criminals really does not care about bitcoin's long term success, they just need to cash out the stolen coins at exchanges and they are done. In a word, if nodes could not prevent the protocol from being changed to something malicious, then you essentially can not protect your bitcoin at all. And the more complex the code is, the easier to hide malicious implementations
PUSHDATA [version_byte + validation_script]
I do not understand what an attack vector you are discribing here. Old versions will have decreased security because they will have to assume (w/r/t to those transactions they won't be able to fully check) that the longest chain is the valid one. This kind of an assumption is already here for SPV wallets, which, to my knowledge, are an overwhelming majority these days. But thanks to fraud proofs, the SW will be able to strenghten their security.
Anyway, it's always been that full nodes provide the highest security possible. The full node verifies that the coins you receive are valid. Full nodes act as a check against dishonest miners. It will stay this way.