One issue with any reliance on exit games as a response to block withholding is that since there is no authority on whether a block was withheld or not, there HAS to be a mechanism of priority to exist from earlier blocks. This leads to an attack of preloading a chain with lots of tiny accounts that will get priority over everyone else, and hold everyone’s money hostage indefinitely.
The only solution I see to such an attack is that users should refuse to put money on a chain that was loaded, and exit immediately if it was.
There is of course a race condition in deposits: the operator can go rogue just after a series of huge deposits, and before acknowledging them on his chain, so you’re never sure you’re safe when you deposit. To address this race, deposits must require a two-phase commit of some sort between the two chains.
As to when a chain is considered “loaded”, it should depend on the answer to the question: “how long are you willing to wait for an exit?” — consider how many accounts already exist on the blockchain, and how long it will take at the longest for them to all exit in the worst case, because that’s how long it will probably take.
In the end, that means that a Plasma chain probably cannot scale in terms of number of simultaneous users, and might even need a way for the operator to reject users and/or expel them from his chain, so as to make space for active users (alternatively, he could perhaps atomically move chunks of active users to a new chain).