In the unlikely event that secp256k1 is ever totally broken, there is still the hashing problem to deal with.
As in, even if someone can find the private key for every possible public key, most public keys aren't known, only the RIPEMD160(SHA256(public_key)) is in the blockchain, unless you re-use addresses, which everyone has been warned not to do.
I always thought address reuse was mainly to protect privacy somewhat - would you mind explaining this more? How does address re-use let the public key be known?