Double spending requires having counterparty, confirming a transaction with that counterparty, and then re-writing history to eliminate the transaction that the counterparty accepted. Coins that aren't in motion during the 51% attack can't be stolen, and coins that are in motion but aren't being sent from the attacker also can't be stolen.
When a double-spend occurs, usually it's from a deep chain reorg. This is what people usually refer to as a double-spend attack, not the kind of reorg where it only affects a few of the top blocks (which isn't uncommon). The latter occur relatively frequently due to the nature of Proof-of-Work being essentially a race.
Consensus mechanisms can detect when a sudden "deep" reorg occurs, e.g. a sudden reorg of 200 blocks that we didn't previously expect to be reordered. When this happens, it's relatively safe to say that this is a double-spend attack and we can disregard the attacker's chain. There's variations of this that additionally add things like "checkpointing" wherein reorgs beyond a certain block depth (the "checkpoint") are impossible at the consensus level.
There's a lot to critique about blockchain tech, but miner centralization is a relatively dated concern. Yes, it's a concern for many blockchains, but for the major Proof-of-Work chains (Bitcoin, Ethereum), it's not an issue anymore.