In my opinion, it's overly pessimistic to design the protocol in an insecure way because some light clients historically have taken shortcuts. If the protocol can provide clients the option of getting additional security, it should.
 

On the general topic, Peter makes a good point that in many cases filtering by txid of spending transaction may be preferable to filtering by outpoint spend, which has the nice benefit that there are obviously fewer txs in a block than txins. This wouldn't work for malleable transactions though.

I'm open to the idea of splitting the basic filter into three separate filters based on data type, but there are some bandwidth concerns. First, the GCS encoding gets better compression with a greater number of elements, though as I recall in my analysis, that starts to tail off at ~1000 elements per filter with P=20, in which case it's not as much of a concern given current block sizes. The other is that clients need to download and/or store the filter header chain for each filter type, which are 32 bytes each per block. So if a client is expected to download all three filter types anyway, or even two of three, it's less efficient in these terms. It would be possible though to split the filters themselves, but still have the basic filter header cover all three filters. This would mean that full nodes could not support just a subset of the basic filters -- they'd have to compute all of them to compute the filter header.