So that's notionally 40 years under Moore's law. There are a lot of unknowns obviously, bit that's still a lot more concerning than the naive calculatikn that says there isn't enough energy in the universe to try enough inputs to find a collision. It will be interesting to see if / how this gets revised down in the future
I don't think so, since computing a (double) SHA256 hash is vastly cheaper to compute than multiplying an elliptic curve point with a scalar. So much so, that by default (assumevalid=1), Bitcoin skips verifying signatures up to some recent date in its initial sync.