1. Developers are capable of changing to PoW if a vulnerability in PoSv2 presents itself, yes?
Not really. It is a huge change to the social contract to do that. The overall community could do it with sufficient consensus, but good luck.
Anyone have any opinions on the anonymous tokens that Shadowcash uses to destroy and mint new coins and conduct ring signature transactions?
The anonymous tokens are just coins. They have two different signature styles on the blockchain, Bitcoin-style and Cryptonote-style. The latter are what they call tokens.