if someone sent me coins that way the first thing i'd do is spend them to another wallet that I know the sender can't have a copy of
I left that step out since its so obvious. You use a clean wallet only funded with the exact amount of coins you want to transfer.
I think you miss the point.
1) A sends private key to B
2) B sends cash to A
3) A spends private key and B loses.
Note step 3 can happen at any point in the future until B "spends" the coins by making a transaction to another address either his or another person.
Worse if B sends the private key to C ...
1) A sends private key to B
2) B sends cash to A
3) B sends private key to C
4) Funds are moved from private key.
Who did it? A? B? C? D ( a 4th party who gained access to the private key due to poor handling by A, B, or C)?