while the failed audit is not a good news, this is important part:
"PoSA v1 is a fully anonymous system according to our audit, but it is not trustless.
It requires the active participation of nodes involved in the transaction. ............This is trust, like masternodes, and we dont want it in our system."
so, the coin is fully functioning anon, but not trustless - just like other anon coins. BUT they want it to be fully trustless, that is why they had the audit and continue to work on it.