If a miner tried to include such a transaction, couldn't an error message point to the exact invalid txin, and issue a challenge to go find the appropriate merkle branch to prove it's valid? And if nobody can produce it, then they'd reject the block. Isn't it kind of the same with full clients? Any piece of missing data, and a block can't be verified.
Merkle branches prove inclusion in a block, not validity according to a certain set of rules. By definition the attack we're worried about here is miner conspiracy where they're trying to change the rules, so the transaction will be in a block and thus have a branch.
If you say, prove to me that the dependent transactions were included in a block, well, OK, so I'll make my fake transaction depend on more fake transactions (or already spent transactions). You can't prove I'm wrong unless you walk back every single transaction input which makes you into a full node.
This proposal is meant only meant to bring coinbase cheating within the scope of this trust model upgrade.
Most clients have some kind of developer backchannel. The Satoshi client has the p2p alerts system. The Android client can be updated by the developer. Other clients should have their own equivalents. In the case of a systematic attempt to undermine the system by forcing SPV clients onto a chain with alternative rules the best approach is to have the client upgraded at that point to tackle it, for instance, by warning users about what's happening and asking them to enable full validation. It's really difficult to come up with a way to prove to a client that the rules are being tampered with that is unbeatable in the general case.