How CSFS+PAIRCOMMIT enables mass delegated introspection

Just on PAIRCOMMIT itself. I think until now, people have always thought about using OP_CAT for building merkle trees and branches in Script. It’s easy to leave vulnerabilities when doing that though, as the 64-byte tx vulnerability that the Great Consensus Cleanup fixes has shown.

To do a merkle tree branch check safely with OP_CAT, you always have to first check the size of the pushes to avoid byte shifting attacks on the content of the nodes. The script would end up looking something like OP_TOALTSTACK OP_SIZE <32> OP_EQUALVERIFY OP_2DROP OP_FROMALTSTACK OP_CAT OP_SHA256 for each node in the tree branch. This is 9 bytes instead of the 1-byte OP_PAIRCOMMIT. This is a simplification, in practice you’ll also need to know which side of the tree you’re taking, so another piece will have to be added for that at each level, but this will also have to be added to PAIRCOMMIT.

Not sure if a 9-byte saving is sufficient motivation for an opcode.
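As an added example that is not part of the original post or thread, the size-checked branch walk described above next to the unchecked one, in Python (assumed: a plain binary SHA256 tree with 32-byte nodes and left||right concatenation at each level; the 31/33 re-split is a constructed input that shows why the OP_SIZE check is needed):

```python
import hashlib

NODE_SIZE = 32  # every node in the tree is a SHA256 digest

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_root(leaves):
    """Root of a simple binary SHA256 tree (power-of-two count of 32-byte leaves assumed)."""
    level = list(leaves)
    while len(level) > 1:
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def branch_for(leaves, index):
    """Sibling path for leaves[index] as a list of (sibling, sibling_is_right)."""
    level, branch = list(leaves), []
    while len(level) > 1:
        sib = index ^ 1
        branch.append((level[sib], sib > index))
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return branch

def root_from_branch_unchecked(leaf, branch):
    """OP_CAT OP_SHA256 per level with no size check: the pattern the post warns against."""
    h = leaf
    for sibling, sibling_is_right in branch:
        h = sha256(h + sibling if sibling_is_right else sibling + h)
    return h

def root_from_branch_checked(leaf, branch):
    """Same walk, but every witness push is pinned to 32 bytes first (OP_SIZE <32> OP_EQUALVERIFY)."""
    if len(leaf) != NODE_SIZE:
        raise ValueError("leaf push must be 32 bytes")
    h = leaf
    for sibling, sibling_is_right in branch:
        if len(sibling) != NODE_SIZE:
            raise ValueError("sibling push must be 32 bytes")
        h = sha256(h + sibling if sibling_is_right else sibling + h)
    return h

def resplit_first_level(leaf, branch, cut=31):
    """Constructed input: re-split the first level's 64-byte preimage at 'cut'.
    The concatenation (and so the root) is unchanged, only the push lengths move."""
    sibling, sibling_is_right = branch[0]
    preimage = leaf + sibling if sibling_is_right else sibling + leaf
    if sibling_is_right:
        return preimage[:cut], [(preimage[cut:], True)] + branch[1:]
    return preimage[cut:], [(preimage[:cut], False)] + branch[1:]
```

The unchecked walk accepts the re-split pushes as a valid branch for a 31-byte "leaf" that was never in the tree; the checked walk rejects them before OP_CAT ever runs.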