I think I've found the answer to my question in the code. This is surprisingly well documented code, by the way.
So in file: https://github.com/blockstack/blockstack-core/blob/master/blockstack/lib/operations/namespacereveal.py#L113 Line, 113
It seems to indicate that the first virtual chain operation to reveal a name is the one that wins. So this prevents the first attack I mentioned because it masks the name, however the race condition still occurs prior to confirm for a reveal so that the first transaction to be confirmed in a block (as determined by luck or whatever) is the one that "wins."
This isn't really an attack. My concern was that there wasn't checks in place for multiple pre-registrations for the same address but the code here clearly indicates that this is checked for and it means that if someone wants to squat names they still obviously have to pay the protocol costs for a pre-registration.
(It might still be economically viable to squat a bunch of names in theory like this and only have to pay potential registration costs when there is demand for it. But the fact that there is a fee at all at least discourages that from happening and obviously the client is well-formed so the user always gets consistent notification if a pre-registration fails based on consensus.)
I was trying to determine if any steps in the process could be hijacked by an attacker but so far I've only found edge cases that are already noted in other documentation.
Edit: I should also say that it seems that pre-orders are considered invalid after a certain number of blocks (it seems to be 130 at the current time) So an attacker would have a 22 or so hour window to do the attack I described which really prevents much organization for wide-scale hijacking. This is a very good idea for the protocol. The code for that is here: https://github.com/blockstack/blockstack-cli/blob/bbda7c95c411d8fc0f1eb20715e28a35243e4fb7/blockstack_client/backend/queue.py#L334