You can't counterfeit BTC. It would require breaking SHA-256. Given entire world governments and every cryptographer on the planet has looked for vulnerabilities spending $5M trying to break SHA-256 would be slightly less productive than putting it into one big pile and lighting it on fire. At least the fire could keep you warm.
I agree with you, assuming that everything was implemented correctly. We thought the same thing about SSL for a while and look how that turned out. I'm not saying that SHA-256 is vulnerable in any way but I am saying there can be a lot of variables to be considered when attacking an algorithm and particular implementations of that algorithm.
There is a difference between vulnerability in Bitcoin protocol and counterfeiting Bitcoins.
To counterfeit is simply not possible. Every location of every Bitcoin ever created is known. The best you could hope to do is steal Bitcoins by brute forcing the private keys of large value addresses. That would require a flaw in SHA-256.
On the other hand there are vulnerabilities in Bitcoin protocol. Finney attack, 51% attack, DDOS of nodes, double spends, etc. However that isn't the same thing as saying you can counterfeit coins. I wasn't indicating that Bitcoin is invulnerable. It most certainly has known and unknown vulnerabilities however those vulnerabilities lie in the "trust" of a transaction not in the coins themselves. I was just stating counterfeiting coins is not possible.