A valid criticism of Bitcoin's design?

[makomk]

tl;dr: ECDSA will break terribly, but we can use another pubkey algorithm if necessary, and all addresses with no spent coins should be safe since they're also protected by the hashes.

Except for unspent block rewards from early on in Bitcoin's life, which were all pay-to-pubkey and therefore not safe. There's actually quite a few of those from what I recall.

[niko]

Realistically though, it is only a matter of time before these can be solved in polynomial time, or computational processing becomes so fast that it doesn't matter for the number of bits employed.

(Snip)

As, my occupation is systems design and development, I would consider myself closer to a potential user than ordinary persons, and I wouldn't even consider using Bitcoin for anything. 

I wonder if he would consider using HTTPS.

[gmaxwell]

Except for unspent block rewards from early on in Bitcoin's life, which were all pay-to-pubkey and therefore not safe. There's actually quite a few of those from what I recall.

Sure, they are the canaries in the coalmine. 

[Raize]

This company claims it's not just theoretical (but I think those "quantum computers" - if they're real - can't break ECDSA right now): http://www.dwavesys.com/en/products-services.html

You would be correct. I'm pretty sure D-Wave's computers couldn't break ECDSA. Also, there is a debate (more like a universally-empathetic rejection) as to whether or not he's built an actual quantum computer. My opinion is that he's got a really complex analog computer, but it is not a Turing state machine using qubits. 

http://www.wired.com/wiredenterprise/2012/02/dwave-quantum-cloud/

I'm glad he's doing research in this field, but I'm a bit peeved (as is everyone in his field, it would seem) that he's marketing it as quantum computing.

[Scrat Acorns]

This company claims it's not just theoretical (but I think those "quantum computers" - if they're real - can't break ECDSA right now): http://www.dwavesys.com/en/products-services.html

D-Wave produces an adiabatic quantum computer with a lot of limitations (high noise and error rate). It can only solve particular problems that are solvable by quantum annealing with very high error rates, such as protein folding. Running Shor's/Grover's algorithms with that amount of decoherence would produce nothing meaningful. And I'm not even sure you could construct Shor's algorithm in such a way that it runs in a D-Wave computer because their implementation is very specific and not general purpose.

TL;DR decoherence fucks you up

And as others have said, classic cryptographic algorithms that are impervious to quantum computers do exist. It is the general consensus that quantum computers will never be able to solve NP-hard problems. If a quantum cpu is close to factoring large numbers everyone will see it coming, and new algos will be implemented pretty much everywhere, not only for Bitcoin.