256 bit ECDSA keys have 128 bits of key strength.  It requires 2^128 operations to brute force the privKey from the PubKey.  This assumes the PubKey is known.  If it isn't the an attacker would need to attempt a hash collision against the PubKeyHash, looking for any privKey which produces the same PubKeyHash.  That would require on average 2^160 operations.  Yes the PubKeyHash is oversized.  Bitcoin would have similar security (when PubKey is known) is the PubKeyHash was only 128 bits (i.e. RIPEMD-128 or XOR the left and right 128 bit sequence of SHA-256).

As for key stretching reducing entropy is depends on how it is implemented.  I haven't looked at Electrum source code but PBKDF2 was created to remove the entropy loss associated with PBKDF1.