Asset Borrowing for Voting: Someone could borrow a large amount of DOT (e.g., via lending protocols), use it to vote on decisions that benefit them (or harm the network), and then immediately unbond and return the loan within a very short timeframe.
This won’t work. Voting creates its own lock, though, anywhere from the time of the Referendum (with 0.1x worth of the vote) to 224 days. Polkadot OpenGov - Polkadot Wiki
Security Instability: In the event of market panic, a 24-hour unbonding period allows for a mass simultaneous withdrawal (bank run). This could drastically reduce the total economic security (Total Value Locked for staking) within a single day.
This also won’t work, since there are limits to how much DOT can be unbonded in a 24 hour period due to the Unbonding Queue. See RFC-0097: Unbonding Queue - Polkadot Fellowship RFCs
The Risk of Fast Unbonding (24-48 Hours): If an attacker commits a malicious act, they have an extremely narrow window to withdraw their assets before being caught. If the detection and governance voting process takes longer than 48 hours, the attacker could escape with assets that should have been “seized.”
In terms of individual accounts - This would only be true if malicious acts were done with staked DOT. This is really only limited to getting a copy of someone’s private key or otherwise controlling their account. However, in this case, the problem is just pushed back since you have two “owners” of the account (according to the rules of the chain). You are correct, though, in this particular instance, the owner would have less time to react.
In terms of malicious acts by validators (backed by staked DOT of nominators), you are correct that the nominators could move that DOT away after nominating a malicious validators. However, note that validators have their own staked DOT which would also be at risk here. See Proposal: Dynamic Allocation Pool (DAP)