Very good questions. I'm excited that we're starting to see some higher level questions again.
1.) Payee addresses are arguably the less important aspect of privacy. As the sender, it's more important to protect your identity. The other side can simply be addressed by generating a new change address per payment. Between the two of these the system would be completely anonymous. Also, after receiving payment, your client will prepare the funds again, increasing their anonymity.
2.) There's not a perfect solution to this yet, but Masternode operators have an interest in getting more darkcoin and keeping their existing inventment as valuable as possible. By attacking the network, they would cause harm to their investment. Also, the client is resistant to DDOS attack currently and masternode operators are instructed to close all other ports and have some kind of DDOS protection.
As a longer term solution, we could not broadcast the IPs of masternodes, but an identifier. Users could then say they want to broadcast to that masternode, but not actually connect to it. This would hide the identities and create a much more robust system.
Indeed it was needed here I assume. I'm trying to get input from both sides which should be useful for the coin and for every individual who is interested in learning. I do agree that payee addresses are not that important. Privacy and identity is something that has been at risk over the past few years more than ever, it's obvious that it needs to be protected.
I thought so to, eventually there will be something that would give enough protection. Interesting that you though of an identifier, the system is better off set up like that. I'll try to get an insight from the other side again.