Light wallets validates blocks by checking PoW in their headers. In Bitcoin, a header is 80 byte long, that's about 40MB as of today (~500k blocks since inception). Saving 39.9 MB on light wallets isn't worth starting a new blockchain.
No, my point is that light wallets don’t validate the content of blocks...so an attacker could create a long chain of invalid blocks and fool light clients. That’s a significant issue.
On this point, light wallets are just as protected as full node.
Light wallets are able to validate blocks just from their header, thanks to the structure of a block. Indeed, all transactions in a block are commited in a merkle root hash that is included in the block header, therefore it's impossible to invent fake transactions without forging a whole new branch of blocks, from the fake block up to the last block. Just like for a full node !
Light wallets are not perfect though, potential attacks are summed up here, slide 13: https://breaking-bitcoin.com/slides/SPVSecurity.pdf
Coda doesn't improve on this issues at all.
Also, argument of authority: I work for a wallet provider
I’m not sure why there is a misunderstanding here, especially given that you work for a wallet provider. The attack is as described: an attacker forks, mines invalid blocks, which are caught by full nodes, since they validate the contents of blocks, but not by the light client - assume for simplicity that the client connects to the malicious node and doesn’t do anything more than calculate PoW. The SPV client trusts an invalid blockchain, fault occurs. Coda is designed precisely to avoid this problem, and any solution that requires trusting full nodes, because it provides constant time verification of all of the contents of every block.
