1) Coinjoin as I see it adds some plausible deniability but the taint is still there. Anonymity is probably not the right word. If one of the input addresses is considered a red flag, all you've done at the end is generate a little extra work for researchers who now need to follow all the outputs to see who took the money.
The way I see it, this is not true. No amount of extra work will enable researches (or whoever) to prove address X is now the owner of the "red flag coins". Any of the output addresses of the coinjoin tx could be the "real" owner.
Please explain if I'm wrong.