That's because protection was added (about a year ago I think) to rapidly broadcast detected double-spends through the network. Before the canary function, it actually used to be pretty easy to get a double-spend accepted into the network within 5 minutes of the first spend.
I don't believe that anyone's heard of a successful Bitcoin double-spend attack against a competent merchant yet.