"Perfect" auditability and "perfect" privacy are mutually incompatible. You have to make a decision on what you want and forgo the other. Or have something in between with the worse sides of both.
L2s don't solve this either as it has to make the same decision. Take ecash for example. Aside from the custodial elephant in the room - very strong privacy, although there are half-baked incomplete methods of auditing, it is not really possible.

Can't have your cake and eat it too