The soundness of Bitcoin's crypto doesn't seem to have been analyzed by third parties yet. There's nothing in Cryptologia or sci.crypt. Until there's agreement in the crypto community that it's sound, I'd be suspicious.
Bitcoin doesn't really do anything new from a cryptography perspective. It signs transactions with public keys and assumes that there isn't an easy way to find a specific SHA256 hash short of brute force.
Transactions are not very anonymous. If you spend a coin with a server, the server now knows your public key, and can associate it with any other identity information it has for you (IP address, Facebook login, shipping address, etc.).
A new public key is usually generated for each transaction, so this doesn't actually tell them anything.
Systems like this detect duplicate spending of the same item, but you can't tell if someone has a duplicate but unspent copy of your coins. So you don't know your money has been stolen until you try to spend it.
I don't think you've quite understood how the system works. The situation you describe can't happen without the entire network being subverted.
There's also the technical problem that "new transactions are broadcast to all nodes". That won't scale.
This isn't quite correct either. There is a simplified payment verification method that doesn't require the full block chain. The Bitcoin network just needs enough full clients to make it infeasible to subvert the network.