I do not think the CAS construction (described in the hackmd) is sufficient for safety. Consider the following attack: Alice owns 10 eth in the plasma chain. Bob and the operator collude to send Alice some amount of eth that is known to Bob and the operator but unknown to Alice. The transaction data for this transaction is withheld, however the CAS cannot be challenged. The end result seems to be that Alice cannot exit her 10 eth any more, since she no longer has the witness data necessary for an exit.