51% isn't a magic number - it's possible to do double spends against confirmed transactions before that. If Michael wanted to do so, with the current setup he could, and that's obviously rather different to how Satoshi envisioned mining working.
However, you're somewhat right in the sense that it's a self-defeating attack. If the pool owner went bad, he could pull it off once, but the act of doing so would leave a permanent record and many of the people mining on his pool would leave. As he doesn't own the actual mining hardware, he then wouldn't be able to do it again.
There are also other mining protocols that allow people to pool together, without p2pool and without the pool operator being able to centrally pick which transactions go into the block. However, I'm not sure they're widely deployed at the moment. It'd be better if people didn't cluster around big mining pools, but I think p2pool still has a lot of problems dealing with FPGA/ASIC hardware and it hasn't been growing for a long time.