People are not forced to use Segwit. In case of breaking ECDSA someone will move that coins: the true owner or the attacker.
In case of breaking ECDSA, someone
who reuses addresses should move the coins. If you never reuse an address, you're not fearing of such scenario. Your public key is been seen hashed by the attacker, which leaves them no other option than diving into the brute force of 2^160 addresses.
Of course for some applications tons of noise is beneficial, but not for solving ECDLP or reversing SHA256.
Isn't that a bad formulation? Saying that you can reverse an SHA256 hash, means that there is, specifically, one. But, there may be more. In MD5 there have been collisions, but
reversing that hash would be considered utopian, because there
at least two opposites of what it was.
Also why would an attacker want to reverse an SHA256 hash in Bitcoin other than getting the ECDSA public key?