From the Bitcoin paper:
What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
Bitcoin: A Peer-to-Peer Electronic Cash System
Emphasis added by me.
Consider that CPU power may be bought (or even rented) with money. Now consider that there are ruthless sorts of people in the non-bitcoin world with lots of money who will take more of it when they can. The only thing stopping them from buying up a few supercomputers and taking all the existing bitcoin money is a cost-benefit analysis. CPU power N costs an average of $X (and much less when you buy in bulk, I might add), and the money in the bitcoin habitat is equal to $Y, protected by existing users with their dinky little laptops totaling CPU power M. At any time, the ruthless sorts can pay $X to achieve N > M and take $Y, which is greater than the initial investment $X.
Therefore, the only question is when this attack is the most profitable. Further, I suspect that bitcoin’s currency may also be destroyed from within in the same way as USD, by using this exploit to implement fractional reserve lending.