Today, not so much. But once the day is here where we have CRQC, if ATProto hasn't yet started using post-quantum cryptography for identities, users are either vulnerable or a bunch of stuff will break once they push a hotfix to make users not vulnerable.
Alternatively, they fix these things now, so once CRQC arrives, it's already not a problem, and no gets compromised nor have to urgently update their software.
DIDs are rooted in ECDSA keys (secp256k1). Each user identity is a non-PQ cryptographic commitment. These ecosystems must start migrating very soon because if CRQCs arrive before they're done, they face a choice between user compromise and bricking accounts.
I'm not sure it says much, but I met the person who wrote the post you linked to at ATmosphere this year. To me that says that maybe they're not as worried as you about ATProto's PQ exposure. I overheard lots of discussions about the topic, but I'm not an expert so I can't give much more insight than that.