I am slightly mistaken. Without checkpoints that prevent a longer chain from going too far backwards in time, a broken SHA-256 could be a serious threat.
If SHA-256 is broken, I think the coin is screwed anyway. I mean even private addresses will be a lot less secure.
If I understand correctly, this is important for example because your public address is not revealed until you spend from it. I believe this is a reason why it is suggested not to recycle addresses.
And if elliptical cryptography is ever broken (Schneier and others already don't trust it too much, Lamport signatures are a solution to quantum computers), having the public key shielded inside of a SHA-256 hash adds another layer of security. There was some discussion between gmaxwell and myself (and others) on that subject a couple/few months ago in the forum.
But once you've spent an address that risk is gone on the spent address.
So I guess there is some notion that we could quickly update all the hashes on unspent addresses to new hashes. In the interim, the hacker would only get to know our public keys, not our private ones.
Or am I missing the point?