That depends on whether wallets use Taproot correctly. Most will probably just set a public key and completely ignore the script path, because privacy gains only begin when you have at least two TapScripts.
Yeah, fair point.
I've mentioned before about implementing script-path only taproot addresses. In that linked thread it was in relation to concerns that P2TR addresses were more vulnerable to quantum attacks then P2WPKH addresses. But at some point in the future we will probably have to phase out all addresses which reveal the public key, if not all addresses based on ECDSA altogether.
There's only a risk of unlimited ZEC *within the old Sprout/Sapling pools*. There is no risk of that unlimited ZEC getting out to either the transparent or the Orchard pool due to turnstiles.
Sure, but there is still a risk that someone generates unlimited ZEC within the Sapling pool and simply keeps it all within the Sapling pool. Turnstiles only prevent that ZEC from leaving the Sapling pool. With unlimited ZEC inside the Sapling pool, the attacker could still use it to trade, sell for other cryptocurrencies or for fiat, to buy goods and services, etc., and it could be an arbitrarily long period of time before such an attack was discovered.
So the only risk is to people who keep ZEC in the old shielded pools in case the turnstile prevents them from getting their funds out due to someone else having inflated funds moved out.
I disagree with this. If it became clear that the attack I outlined above had happened, and that there were millions more ZEC in the Sapling pool than expected, then the value of ZCash would tank, regardless of what pool your money is in. The coins of the users in the new Orchard pools would be protected from the rampant inflation by the turnstile, sure, but they wouldn't be protected from the general loss of confidence in the asset as a whole.