1) so far it is manually done by humans, node operator. Neighbors are necessary because they form the P2P environment. Bitcoin nodes have neighbors too, but they have automatic peer discovery. Because it is not convenient, it helps to mimic the inertia of a "natural" mesh network which strongly increase the cost of an omnipresence attack
2) Do not remember about alpha L and N, but what I understood from hours of reading on iotatangle.slack.com : it does not say that it is not good to not enforce, it considers that it is impossible to enforce. So the protocol do not enforce but assume most of users will use the selection strategy of reference. The validity of this assumption rely in the fact that iota targets IoT devices likely to be initially equipped with the reference protocol (and then be forgotten..). Not following, it may indeed arm the network, but you can still do it. I'm not entirely sure, but it is quite possible that, repetitively not following the random tip selection strategy, could make it more difficult for your own transactions to be confirmed, because, if most users randomly walk the paths to pick up tips, your hand picked set of transaction would loose his random property and will have lower probability to be selected.
Then, a little of hand picking does not arm and can be done, but a lot, will produce no benefit to you. Unless you have more power than the rest of network and manage to be present (omnipresence neighboring) with the most active part of it. If not omnipresent your computing attack will diffuse as a wave and will lose energy far away from you.
The more low bandwith network in the ioT environnment, the more damping your wave will face.
in Iota, there is a continuous flow of transactions which means that at time t, no node has the entire tangle, they do not see the same part of it. There is always a risk of double spent but as a merchant, the more you wait, the more probability of confirmation you get.