In the actual implementation exist a quite hard Scrypt password hashing.
About the safecoin spam, the idea is that the computational work for the sender will be high enough to be inefficient as attack. Remember that, unlike bitcoin or other cryptocurrency, the sender must sign and send the order of each safecoin or each division. If the attacker wants to really bother the network with thousands or millions of transaction must made an enormous computational work.