Anyone knowing OP's public key or hash of it can spend the coins sent to that address but the transaction will be considered non-standard and rejected by the nodes, so it needs miner's intervention.
Now that you mention it, I indeed remember reading about this years ago.
Do I get this right? For a miner, it shouldn't be too difficult to find the public key of similar addresses the moment they're sweeped on the Bitcoin chain. If the address hasn't been used yet on the Bitcoin-chain, chances are Coinbase will sweep it after it receives a deposit. It's also not that difficult to get a list of all Bitcoin Segwit addresses that accidentally received coins on the BCH-chain. I see a whole new usage case for
this data!