The PoS governance mechanism is entirely vulnerable to nothing more than stake. This was proved by the events that necessitated the creation of Hive. AFAIK, the only security Hive presently has from external stake successfully prosecuting such an attack by no more sophisticated means than buying stake is the 30 day moratorium on stake voting witnesses.
It is utterly facile to buy accounts or tokens through various and myriad cut outs available to state actors and deploy them after that 30 day moratorium has expired. Such stake based attacks could instantly replace a consensus and implement code. No hack required at all.
Absent implementing radical changes in governance, I don't see any route to security from such attack. Only basing governance on other metrics than stake are potentially competent to secure Hive from such vectors.
That is why I advocate promoting other values and deprecating stake. It's also obvious that extant stakeholders will not be willing to do so, and that such attacks represent golden parachute exit strategies to that demographic.