Look up long range vs short range attacks.

I assume you are referring to this: with p2sh the address is a hash of the pubkey. Shors algorithm is good at turning public keys into private keys. Since the public key is hashed its safe. When you spend it reveals the pubkey and is vulnerable to a double spend attack for a short time. Taproot addresses are not hashed, so any coin stored in p2tr are vulnerable to powerful quantum computers

Thank you, so basically spends are hashed but once you publicly announce your transactions you are the address.

Will do, thank you

Depends on the script type, and for taproot, the spend path.