Could you expand on what it means for the code to be "already being rendered in a context where it will be executed"?

I understand that we want bcrypt to be slow to prevent hackers from quickly brute-forcing passwords, but doesn't that mean the website will be slow for non-malicious users as well? Is the slowness of bcrypt just a trade-off we have to make to improve the security of login?

What happens if, against all odds, two hashes derived from different strings are the same? 

How does "reset password" work with bcrypt? 

If bcrypt is so much more effective because it is slow and introduces a work factor, is salt now effectively irrelevant?