Note that the attack works fine if the system allows me to keep buying BTC at, say, Mt Gox' price plus 10%. (For values of "works fine" which handwave a lot of practical issues, like paying you untraceably and making sure that I don't get undercut at Mt Gox too often.)
Maybe you should switch to 1:1 leverage for all accounts once the total balance goes over $1000 until you've had some time to think this kind of thing through?
EDIT: you also want a security@ account and a PGP key. I'm also happy to remove this discussion if you'd prefer that; I arguably shouldn't have posted the first post publicly.
I will consider this and focus on my algorithm design further.
I don't mind if you leave the discussion here. Hiding a problem is never the solution. :-)