What is the use of SPV (Simplified Payment Verification) if one needs confirmation anyway from a node that those UTXOs were not spent yet? Surely no malicious actor would be stupid enough to provide UTXOs with Merkle trees which dont match up. So checking for it only adds unnecessary overhead, especially if such tx is generated by a trusted PayMail host / wallet. See also: https://bitcoin.stackexchange.com/questions/43856/how-can-a-lightweight-client-make-sure-output-has-not-been-spent-yet