A 51% attack doesn’t let the bad actor steal someone else’s coins. It lets them reverse and double spend their own spending. They can’t directly steal coins. The flexibility of open source software gives opportunities to mitigate such an event, should it happen.