One question I have about CDR is how we would distinguish between a quantum vulnerable address whose public key is still hidden and those addresses with public keys that have been revealed?
Could an attacker who knows your public key "race" you to get their commitment tx in a block, committing your coins to their QR address?
Perhaps we say p2pk and p2tr are not eligible for CDR, but what about reused addresses or leaked xpubs? How do we know the CDR commitment transaction is actually being made by the true owner of the coins rather than someone who managed to gain access to their pubkey?
Wouldn't this kind of turn public keys into private keys? (I feel like I must be getting something wrong here).