There are several things we have looked into, but basically we are being forced to implement things we did not wish to until after Alpha 2. It's a bit of a pain but also a good thing in a way. As we tell people what limitations are and help folk go through the code then it seems the bad side of that is that before the system is ready for such attacks we have at least one person trying to cause a nuisance. It's not clever but probably is not too bad, just we need to actually treat early tests with a bit more care in terms of not allowing such openness.
We know the next steps and vaults will require some additional parts now and we cannot just release the next part for everyone to test, as quickly. Instead we must now keep the releases back a bit and make sure we add in the components to prevent such attacks, like start a bunch of vaults, switch off / on, disconnect partially off and on etc. It's not clever and easy to do, we let folk know it's easy, but players will play and all that jazz. So we will have a wee bit of work to do.
Clients are partially protected with tokens, but what a shame really, it's life though and it does not worry us at all, just a wee reminder that not everyone is trying to help, some (very very few) will just do what they can to spoil a party, however they wont spoil this party
In terms of what is really required to sort this completely, then it's node age, secure name, full sig checks, safecoin, data chains etc. So the complete answer is when everything is in place this wont happen, but we really must work more now to put in place temp parts of code to allow us to iterate in the open while we do implement all those parts. We can though and we will, we will just make all the good folks happy and give even fewer, not so supportive, a game to play.
[Edit} I should add, we will need to be careful with community networks now as well, if these are open then they are an easy target to spoil.