This means that in the event of a problem the reactor both shuts down and passively disposes of the decay heat so that it has not chance of going critical (starting up) again (which was a risk at Fukishima without active cooling).
At that point you can just let it sit there "forever" if you want. Not that you would of course, you'd want to clean it up.
The design has two passive cooling systems. The first uses natural circulation through the heat exchangers to the normal primary cold sink. The second uses radiative heat to the membrane to a pond intended specifically for decay heat. Either one alone is sufficient - so if something (like a tsunami) takes out the primary cold sink we can still cool the core. If despite this the core overheats then it drains to the fuel drain tank. There we have passive cooling using the membrane.
If the drain between the core and the drain tank fails AND the both other passive cooling methods fail to keep the core cool enough then yes eventually the core vessel will fail. In that case, the fuel escapes the first containment (the primary loop) into the can. The can drains to the fuel drain tank so we still provide cooling.
The overall concept is good, but there could be things that go wrong in the real world. How fast the heat ramps up vs the failsafe plug in the vessel melting, or the chance of some material failure shedding debris which could potentially plug the drain path.
Actually if you read the Oakridge reports those cases are considered. For reference this reactor would have both survived and shut down cleanly in both the Chernobyl (over driving the reaction) and Fukishima (30m tsunmai + 9+ earthquake) situations.
At that point you can just let it sit there "forever" if you want. Not that you would of course, you'd want to clean it up.