Having to be online to be secure is a pretty big hole, don’t you think? Sure you could outsource it to some trusted party, but that feels awfully bank-like and I thought bitcoin was all about being your own bank. Am I wrong?
Watchtowers are not trusted parties and you do not have to be always online to be secure. There is a configurable period where you can broadcast a revocation transaction. Watchtowers can do it for you but it's designed so they cannot frame you. The penalty for broadcasting an out of date transaction is loss of all funds in the channel.
To summarize.
1. Attacks are extremely unlikely in the first place.
2. Watchtowers can prevent them if they do happen.
3. Watchtowers are trustless. They in no way resemble banks.
4. Without a watchtower you are not required to be always online to be secure.
