As far as I'm aware, that's a pretty accurate and succinct description of the issue.
> You know you do, but he can't prove it, as 100% of your Bitcoin are currently in flight rather than being in accounts demonstrably under your control.
A minor nitpick: you can demonstrate the accounts are under your control, just not via a "normal" bitcoin transaction.
By signing a message with the private key corresponding to the public key of one of your output transactions? I think someone who accepts that as proof doesn't understand what is happening. I could sign "I totes have 9.99 BTC" with the private key corresponding to the 9.99 BTC change output, and if you were a dab hand with the OpenSSL command line you could verify that the signature matched the public key, but you cannot verify that I have not already broadcast a separate transaction moving those 9.99 coins to another address (either mine or that of another party). At that point I might as well give you a signed message saying "I totes am capable of signing messages. This one is signed with a random number. Go me!"
Did you have a different strategy for demonstrating that I control the Bitcoins that aren't fixed with 6+ confirmations yet?
Sure, but that argument applies to any unconfirmed transaction, even if that transaction has inputs from a confirmed transaction. It's not a problem specific to the transaction malleability issue.
> You know you do, but he can't prove it, as 100% of your Bitcoin are currently in flight rather than being in accounts demonstrably under your control.
A minor nitpick: you can demonstrate the accounts are under your control, just not via a "normal" bitcoin transaction.