Does this mean that even if an attacker wants to attack and has the money to do so, the attacker is unable to because he will never get his hands on a bigger percentage of the stake in the network compared to the developers? If that is the case, is there a reason for not making it the "best practice" for new coins?
Yes, that is exactly what it means. I can't speak for every PoS coin out there but I'd guess it is a de facto best practice for early stage development. Gaining 51% stake in the network is a very costly attack vector for any coin in the top 400 because it would cost millions of dollars. A more pressing issue is when the underlying assumptions made by the developers about incentive structures don't reflect reality. For example, when centralized exchanges hold a massive amount of stake belonging to depositors, the exchange doesn't need to spend 51% of the market cap of the coin to launch an attack. Hopefully this becomes less of an issue if decentralized exchanges take off.
Can you explain more briefly what sporks are, and this is connected to "checkpoints may be hard coded into the wallet binary itself"? I'll read up into it on the side too, but it often helps to get some idea of what it is beforehand.
Sporks are separate from checkpoints; sorry if that wasn't clear. There exists a master public/private key pair that's used to manage the spork system. The master private key is used by the developers to sign spork messages before broadcasting them to the network. The master public key is held by every wallet and used to verify a spork message that's received from connected peers. The spork message might tell the receiving node to deactivate a certain feature or put a restriction on a consensus rule. It's really up to the developers how extensive they want to make it.
Checkpoints are block hashes that validate a version of the blockchain. They're mainly used to protect against long range attacks, an unstable chain that's prone to forking for whatever reason, and an honest node connecting to a malicious node then downloading the wrong chain on start up. You can look into those issues individually but elaborating further would be beyond the scope of this comment.
Hard coded checkpoints are block hashes that are added directly to the wallet code by developers. Check pointing servers are used when the block hashes need to be distributed to the network at much shorter intervals. So instead of needing to update the wallet to get new checkpoints the wallet simply receives the check points over the network. Of course this is centralized, but it's a necessary evil for a lot of coins.
Thanks for your answers. I still want to ask further though, do developers rely anything else other than algorithm? Have anyone seen maybe a solution from the cryptonomics, perhaps?
Also, how deadly is a 51% attack to a new coin? Would it be more grievous?
I don't feel qualified to answer your question about crypto economics, so hopefully someone else can provide more information on that.
A 51% attack can range from devastating to slightly inconvenient depending on how public the attack is, the market cap of the coin, and how new the coin is. If the coin is completely new and there aren't a lot of investors then the devs can always nuke the chain and start from a new genesis block or fork the chain at a point before the attack. It depends a lot on context.
