It's unnecessary to forge the timestamp, having an old timestamp doesn't make a block invalid unless it's earlier than the blocks it builds on. It's the reference to the last block that matters. If a pool tries to concoct an alternative branch the miner can easily find out that the previous block he works on is not the latest block known to the network.
Makes sense but old timestamps would rise suspicion. Also it's not true that the block chain only contains strictly growing time stamps. I've seen examples where this was not the case.
I don't remember the exact rule and it didn't seem relevant, something about not being earlier than the median of the last X blocks. The point is it can't be too early.
And a branch with all the blocks having similar timestamps will raise more suspicion.
can't this be used to detect attacking clients that want to withhold the winning blocks?
withhold the winning blocks??? what does that mean? i'm not a native english speaker but according to my dictionary "withhold" can mean "keep for them self" which is not possible as pool mining means the pool dictates the block (txs that get in, timestamp and addresses for the 50BTC reward) and the miner only finds a salt so the hash fits. Changing the data will make him fail on test data and get him kicked out of that pool.
"withhold" also means "hold back" which would not make sense neither as it would simply delay the next block from being found.
I provided a link with some discussion about potential attacks. Unconditional withholding can be used for sabotage and is especially deadly against PPS pools. Postponed submission can be used for additional profit.