Board Project Development
Merits 6 from 3 users
Re: Can Quantum Computer's destroy Blockchain and Bitcoins[SHA-256 specifically]
by
o_e_l_e_o
on 18/01/2022, 08:51:47 UTC
⭐ Merited by Welsh (4) ,ETFbitcoin (1) ,Pmalek (1)
I am pretty sure Satoshi Nakamoto must have thought about the possible problems; there has to be a solution, but exactly where?
There are a couple of quotes from Satoshi I am aware of which are relevant here:

SHA-256 is very strong.  It's not like the incremental step from MD5 to SHA1.  It can last several decades unless there's some massive breakthrough attack.

If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.

If the hash breakdown came gradually, we could transition to a new hash in an orderly way.  The software would be programmed to start using a new hash after a certain block number.  Everyone would have to upgrade by that time.  The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.

However, if something happened and the signatures were compromised (perhaps integer factorization is solved, quantum computers?), then even agreeing upon the last valid block would be worthless.
True, if it happened suddenly.  If it happens gradually, we can still transition to something stronger.  When you run the upgraded software for the first time, it would re-sign all your money with the new stronger signature algorithm.  (by creating a transaction sending the money to yourself with the stronger sig)

Quantum computers will not break bitcoin overnight. It will take decades of slow progress that everyone can see coming before they become a threat, and they will break many other weaker algorithms along the way. They also only provide a linear increase in the speed to find a hash collision (as opposed to an exponential increase in the speed to solve the ECDLP), and so are unlikely to be able to break SHA256. But if it ever were to become a concern, then as Satoshi has said above, we will have plenty of time to transition in an orderly way to new quantum resistant functions and algorithms.
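The orderly hash transition Satoshi describes in the quotes above (switch to a new hash after a certain block number, and save the new hash of all the old blocks so that a different block with the same old hash can't be substituted) is small enough to show in code. The following is an added illustration and is not part of the original post or of Bitcoin's own code. To make a collision findable on a laptop, the legacy hash is a truncated SHA-256 (an assumption standing in for "SHA-256 after a break"), the replacement hash is SHA3-256 (also an assumption), and the block layout, TRANSITION_HEIGHT and every function name are constructed for this example only.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy parameters (not Bitcoin's). The legacy digest is truncated so
# a collision can be brute-forced here; it stands in for a broken SHA-256.
LEGACY_DIGEST_BYTES = 2   # 16-bit legacy digest: a second preimage costs ~2^16 hashes
TRANSITION_HEIGHT = 3     # blocks at this height and above use the new hash


def legacy_hash(data: bytes) -> bytes:
    """Hypothetical broken legacy hash: SHA-256 truncated to a few bytes."""
    return hashlib.sha256(data).digest()[:LEGACY_DIGEST_BYTES]


def new_hash(data: bytes) -> bytes:
    """Assumed replacement hash used after the transition."""
    return hashlib.sha3_256(data).digest()


def hash_for_height(height: int, data: bytes) -> bytes:
    """Pick the hash function by block height, as the quoted plan describes."""
    return new_hash(data) if height >= TRANSITION_HEIGHT else legacy_hash(data)


@dataclass(frozen=True)
class Block:
    height: int
    prev_hash: bytes
    payload: bytes

    def header(self) -> bytes:
        return self.height.to_bytes(4, "big") + self.prev_hash + self.payload

    def block_hash(self) -> bytes:
        return hash_for_height(self.height, self.header())


def build_chain(payloads):
    """Link constructed payloads into a chain, hashing each block by its height."""
    chain, prev = [], b""
    for height, payload in enumerate(payloads):
        block = Block(height, prev, payload)
        chain.append(block)
        prev = block.block_hash()
    return chain


def snapshot_old_blocks(chain):
    """'Save the new hash of all the old blocks': commitments under the new hash
    to every pre-transition header, taken while the legacy hash is still honest."""
    return {b.height: new_hash(b.header()) for b in chain if b.height < TRANSITION_HEIGHT}


def linkage_ok(chain) -> bool:
    """Ordinary validation: each block's prev_hash equals the previous block's hash."""
    return all(chain[i].prev_hash == chain[i - 1].block_hash() for i in range(1, len(chain)))


def validate(chain, snapshot=None) -> bool:
    """Without a snapshot this is legacy validation only. With one, every
    pre-transition block must also match its saved new-hash commitment."""
    if not linkage_ok(chain):
        return False
    if snapshot is None:
        return True
    return all(snapshot.get(b.height) == new_hash(b.header())
               for b in chain if b.height < TRANSITION_HEIGHT)


def forge_block(original: Block, payload_prefix: bytes) -> Block:
    """What an attacker can do once the legacy hash is broken: brute-force a
    different block at the same height and parent with the same legacy hash."""
    target = original.block_hash()
    nonce = 0
    while True:
        candidate = Block(original.height, original.prev_hash,
                          payload_prefix + nonce.to_bytes(4, "big"))
        if candidate.block_hash() == target and candidate.payload != original.payload:
            return candidate
        nonce += 1


def demo():
    # Constructed sample chain: heights 0-2 use the legacy hash, 3-4 the new one.
    chain = build_chain([b"genesis", b"pay alice 5", b"pay bob 2",
                         b"pay carol 1", b"pay dave 9"])
    snapshot = snapshot_old_blocks(chain)
    forged = forge_block(chain[1], b"pay mallory 5 ")
    forged_chain = chain[:1] + [forged] + chain[2:]
    return {
        "honest_legacy": validate(chain),
        "honest_snapshot": validate(chain, snapshot),
        "forged_legacy": validate(forged_chain),      # colliding block is accepted
        "forged_snapshot": validate(forged_chain, snapshot),  # and rejected
    }


if __name__ == "__main__":
    print(demo())
```

The point of the snapshot is visible in the last two results: the forged block links correctly under the broken legacy hash, so a node doing only legacy validation accepts it, while a node that also checks the saved new-hash commitments rejects it. The commitments have to be taken before the legacy hash is broken, which is why the quoted plan only works if the breakdown comes gradually.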