in this magic future of quantum computing you will be able to do that without the public key as well
This isn't the case. QC only gives a sqrt(N) speedup
for generic blackbox non-linear inversion. So on a magical pixie dust computer a 256 bit hash function has the same security as a 128 bit hash function has on a classical computer that does the same number of operations per second.
There are QC strong versions of all the applicable cryptographic operations, we don't use them only because they have much higher overhead (like 16kbyte signatures), but the mass media loves to over-hype the capabilities of (still non-existent) quantum computers so you never hear about them.
The scheme of H(pubkey) addresses in Bitcoin is a bit of insurance against many kinds of ECDSA (classical or otherwise) weakining.
P2SH (of any kind) largely preserve this property, though they may slightly increase exposure to classical cryptanalytic attacks because they allow an attacker almost arbitrary stuffing to produce a matching address without also having to solve the discrete log problem. E.g. with current addresses an attacker doesn't just have to find a preimage, he'd have to find one that he knows the ECDSA private key for. Under P2SH there is a wider variety of acceptable inputs.
That said, even if we used the now-compromised MD5 algorithm the practical MD chosen prefix collision attack there couldn't be used to steal random people's money with P2SH (because it requires the attacker produce both messages, it's not a preimage attack) though it might permit an attacker to generate an unusual escrow script which could also be redeemed under a second set of rules. (Not that this weakness exists with our SHA256 much less the HASH160, but I think its useful to reason about how the system would work with parts replaced with compromised versions).