[snip]

You can't have fungibility and transparency at the same time. Sorry. All units have to be cryptographically indistinguishable, and having a large amount of transparency in the ledger only serves to reduce the anonymity set (and reduce the fungibility as a result).

Monero is currently the most fungible crypto in existence. Maybe some day if zerocash works out it's kinks it will take monero's place. Darkcoin isn't a contender in that regard (though it's privacy tech can be debated).

You are asking questions that (you know) nobody has an answer to. "Assuming the NSA has enough resources to bring down drk/dash, how much money/resources would someone else need?" Nobody knows, which is why you should stick with the best freakin tech available (ie. not dash).

Also, a lot of us (perhaps not you) are interested in monetary privacy for the specific reason that we don't want NSA-level organizations spying on everything we do. Your "anyone other than NSA" question is pointless to those of us in that category, because they are exactly the type of adversaries we're concerned about. Sure, all crypto projects are vulnerable at this point, but some have a much more "optimistic" future than others.

This should also answer your "fit-for-purpose" question. You still haven't defined exactly what "fit-for-purpose" means, but the answer is unquantifiable regardless. If you're willing to trust an inferior solution that you think is "good enough" (while being full aware of all the other shady practices surrounding this project), then there's really nothing more we can do to convince you otherwise.