Putting the efficacy of coinjoin to one side:

On Mon, Aug 11, 2014 at 1:38 PM, Tim Ruffing <tim.ruffing@mmci.uni-saarland.de> wrote:
Then the only remaining reason why it could be invalid is that the input could have
been spent already otherwise. But in this case, only one honest client with
full information would suffice: a signed transaction that spends the money
would convince even SPV-clients that the participant with this inputs tries to
cheat.

Bear in mind that getutxo does not return the spending transaction - it can't because the UTXO set doesn't record this information (a spent txo is deleted). 

However, if you have sufficient peers and one is honest, the divergence can be detected and the operation stopped/the user alerted. If all peers are lying i.e. your internet connection is controlled by an attacker, it doesn't really make much difference because they could swallow the transaction you're trying to broadcast anyway. Ultimately if your peers think a TXO is spent and refuse to relay transactions that spend them, you can't do much about it even in the non-SPV context: you must be able to reach at least one peer who believes in the same world as you do.