From my limited understanding of the bitcoin protocol, the transaction fees are designed to solve exactly the above problem. When the volume of transactions becomes problematic, then miners will be free to choose which transactions they include in their newly discovered block, and the prioritization will be done based on the fee included with each transaction. In this way transactions with no fees can be treated as spam and ignored (or will take a very long time to confirm), and only transactions with sufficiently high fees will be included.
Regarding your other points, I wholeheartedly agree, especially with regard to modularizing the code with clearly defined security boundaries between each module. Having a gigantic monolithic piece of code where a single vulnerability may bring down the whole thing is bad software design.
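The fee-based prioritization described in the post above, as an added example that is not from either poster: a miner building a block template ranks mempool transactions by fee rate (satoshis per byte), drops anything below a minimum rate as spam, and greedily fills a fixed-size block from the top. The transaction ids, sizes and fees in the sample mempool are constructed for illustration; the minimum fee rate and block size limit are assumed parameters, not protocol constants.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class MempoolTx:
    """A simplified unconfirmed transaction (constructed for this example)."""
    txid: str        # hypothetical identifier, not a real transaction hash
    size_bytes: int  # serialized size the transaction occupies in a block
    fee_sats: int    # fee paid to the miner, in satoshis

    @property
    def fee_rate(self) -> float:
        # Miners rank by fee per byte, not absolute fee: a large transaction
        # paying the same fee consumes more of the scarce block space.
        return self.fee_sats / self.size_bytes


def select_transactions(mempool: List[MempoolTx], max_block_bytes: int,
                        min_fee_rate: float = 1.0) -> List[MempoolTx]:
    """Greedy block template: highest fee rate first, within a byte budget.

    Transactions whose fee rate is below min_fee_rate are treated as spam and
    never considered, regardless of how much free space remains.
    """
    candidates = [tx for tx in mempool if tx.fee_rate >= min_fee_rate]
    # Sort by descending fee rate; txid breaks ties deterministically.
    candidates.sort(key=lambda tx: (-tx.fee_rate, tx.txid))

    chosen: List[MempoolTx] = []
    used = 0
    for tx in candidates:
        if used + tx.size_bytes <= max_block_bytes:
            chosen.append(tx)
            used += tx.size_bytes
        # A transaction that does not fit is skipped, but smaller, lower-rate
        # transactions further down the list may still fill the remaining gap.
    return chosen


def total_fees(txs: List[MempoolTx]) -> int:
    """Miner revenue from the selected transactions, in satoshis."""
    return sum(tx.fee_sats for tx in txs)


# Constructed sample mempool: a mix of well-paying, low-paying and zero-fee
# transactions, with sizes chosen so that not everything fits in one block.
SAMPLE_MEMPOOL = [
    MempoolTx("tx-a", size_bytes=250, fee_sats=5000),   # 20.0 sat/B
    MempoolTx("tx-b", size_bytes=250, fee_sats=0),      #  0.0 sat/B (spam)
    MempoolTx("tx-c", size_bytes=500, fee_sats=2500),   #  5.0 sat/B
    MempoolTx("tx-d", size_bytes=1000, fee_sats=1000),  #  1.0 sat/B
    MempoolTx("tx-e", size_bytes=300, fee_sats=3600),   # 12.0 sat/B
    MempoolTx("tx-f", size_bytes=400, fee_sats=200),    #  0.5 sat/B (below minimum)
]


def build_sample_block() -> List[str]:
    """Run the selection on the sample mempool with an assumed 1200-byte limit."""
    block = select_transactions(SAMPLE_MEMPOOL, max_block_bytes=1200, min_fee_rate=1.0)
    return [tx.txid for tx in block]


if __name__ == "__main__":
    block = select_transactions(SAMPLE_MEMPOOL, max_block_bytes=1200)
    for tx in block:
        print(f"{tx.txid}: {tx.size_bytes} B at {tx.fee_rate:.1f} sat/B")
    print("total fees:", total_fees(block), "sats")
```

With the sample input, tx-b and tx-f never enter the candidate list, tx-a, tx-e and tx-c fill 1050 of the 1200 bytes, and tx-d is left waiting for a later block because it no longer fits. Raising min_fee_rate is the knob the second poster refers to: it makes flooding the mempool cost more per byte, at the price of excluding cheap but legitimate transactions.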
That is my understanding too, and it works well to protect bitcoin from attacks from individuals or small organizations bouncing small amounts of bitcoins between different addresses. However, for a large, well-funded attacker it would not be that expensive to create large amounts of transactions that would be very hard to differentiate from legitimate transactions from the point of view of a miner. With drastically larger fees for every transaction this problem would be smaller, but the usefulness of the bitcoin system would decrease as well.
/noa