Your second point essentially requires a decentralized charity to exceed the size of an attacker, which isn't a realistic form of security.