A mining pool with a significant percentage of the hash rate could allow double spend attacks by the pool manager. There are a number of pools that approach this level. However most people say that a compromised pool would be easily detected, and the attack would be insignificant.
However, isn't this issue not about a single pool but the combined centralizing effect of pools? A moderately sized attacker could easily compromise more then a few pool managers with a rubber hose attack, or pose as legit pools for a while until they obtain nearly complete control of the block chain.
The attacker would be able to double spend a lot of bitcoins (that it generated for itself with its pools in the first place), and regardless of any monetary advantage it could destabilize and destroy confidence in bitcoin. Easily within the capabilities and motivations of a government. A well planned attack could happen far quicker then anyone could notice and pull their miners from the pools.
The short answer to your question is "yes".
Efforts are underway to develop schemes that allow pooled mining without the pool manager being able to control what transactions go into the pool's blocks, leaving that decision (as well as which chain to extend, so long as it is reasonable) to the individual miners. All the pool really needs is proof that the miner is mining for the pool.Tweet