So the way to "collect" those coins is to post the solution to the hash collision and, as a followup challenge, something encrypted with your public key so only you can decrypt it later on. Correct?
Yes. And in this case you have to be quick and maybe need some luck. Because everyone could try to get those coins you have to be the one that gets his transaction included in the block chain first.
If Google had not publish the collision but you found it yourself, miners could still just steal the collision from your transaction, throw your transaction away and spend the coins themselves.
Actually everybody could just watch all new transactions, steal your collision once they see it and try to front-run you. So this kind of challenge is not really a good idea in general, at least not in this simple form.
With normal transaction this is not an issue because there you only reveal a signature proving that you know the private key, you do not reveal the private key itself and therefore others can not sign their own transaction and try to front-run you.
[...] and, as a followup challenge, something encrypted with your public key so only you can decrypt it later on.
That is not entirely correct, as mentioned above this works by signing and not encrypting. Everybody and especially miners have to be able to verify your transaction but they could not do that if you simply encrypted something. Well, they could if you published the private key but then you get into said front-running issue.
If Google had not publish the collision but you found it yourself, miners could still just steal the collision from your transaction, throw your transaction away and spend the coins themselves.
Actually everybody could just watch all new transactions, steal your collision once they see it and try to front-run you. So this kind of challenge is not really a good idea in general, at least not in this simple form.
With normal transaction this is not an issue because there you only reveal a signature proving that you know the private key, you do not reveal the private key itself and therefore others can not sign their own transaction and try to front-run you.
[...] and, as a followup challenge, something encrypted with your public key so only you can decrypt it later on.
That is not entirely correct, as mentioned above this works by signing and not encrypting. Everybody and especially miners have to be able to verify your transaction but they could not do that if you simply encrypted something. Well, they could if you published the private key but then you get into said front-running issue.