Bitcoin uses ECDSA for its digital signatures, which is a public-key cryptography algorithm.

Most of these kind of algorithms (including ECDSA and Taproot's Schnoor) rest on the assumption that deriving a public key from a private key (i.e. a secret number) is trivial but deriving a private key from a public key is impossible/impractical. Quantum computers makes this practical, therefore someone with a beefy enough quantum computer would be able to get the key of whatever onchain UTXO he fancies, with a caveat:

And that is that most UTXOs don't show the public key that unlocks their bitcoin. They show it's hash, and the hash is quantum resistant. The public key is only revealed when you spend the UTXO. Therefore your legacy and native segwit UTXOs would be theoretically quantum safe as long as you don't reuse addresses.

Counter silver lining: Taproot UTXOs reveal the recipient's public key directly, not it's hash. Most of the onchain byte savings comes from that tradeoff.