However, let's imagine for a moment that ECDSA is broken in such a way that the time to crack a private key from a public key is reduced to 6 months.
If I always use a new address for every transaction, then all of my bitcoins are protected by SHA256 and RIPEMD160.
If you have an address that you've re-used, then you might have bitcoins sitting out there on the blockchain with their public key exposed. An attacker can spend the next 6 months working out your private key and then steal your bitcoins.
If I send a transaction, the attacker has (on average) 10 minutes to figure out the private key, craft a replacement transaction that pays the bitcoins to him, and then convince a miner to mine his transaction instead of mine.
Which is safer? Your bitcoins sitting on the blockchain with an exposed public key allowing the attacker to continuously try to craft a transaction that takes your bitcoins until you get around to sending them to a new address? Or my bitcoins that have a window of 10 minutes on average to try to both crack the key AND convince a miner to accept a double-spend transaction in place of the existing one?
The increase in security from using a new address for every transaction is quite small, but it is still better than re-using addresses.
Using a new address for every transaction can also increase your privacy a bit.
I am not arguing that it is not harder to steal or doesn't increase privacy, which is obviously true.
But the value of Bitcoin depends on being able to transact securely. If there is a 6 month attack with independent trials, and there are 6 miners attacking, then every month some transaction will get stolen.
What would the value of Bitcoin be? Would anybody still give a dime for a Bitcoin in such a scenario? What would be the use of being the "more secure" owner of a worthless coin?
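An added example (not part of either post) of auditing a wallet for the exposure discussed in this thread: coins still unspent at an address that has already signed a spend and so has its public key on the blockchain. The transaction records and address names are constructed, and it assumes pay-to-public-key-hash style outputs, where the key is published only when an output is spent.

```python
from collections import defaultdict

# Constructed transactions (not real chain data). An input names the
# (txid, output index) it spends; an output is (address, amount in satoshi).
SAMPLE_TXS = [
    {"txid": "t1", "inputs": [],
     "outputs": [("addr_reused", 50_000), ("addr_fresh1", 20_000)]},
    {"txid": "t2", "inputs": [],
     "outputs": [("addr_reused", 30_000)]},
    # Spending t1:0 publishes the public key behind addr_reused,
    # while t2:0 is still sitting unspent at the same address.
    {"txid": "t3", "inputs": [("t1", 0)],
     "outputs": [("addr_fresh2", 49_000)]},
    # Spending t1:1 publishes the key for addr_fresh1, but that address
    # was used once and holds nothing afterwards.
    {"txid": "t4", "inputs": [("t1", 1)],
     "outputs": [("addr_fresh3", 19_000)]},
]


def exposed_balances(txs):
    """Return {address: satoshi} still unspent at addresses whose public key
    has already been revealed by a spend from that address."""
    created = {}      # (txid, index) -> (address, amount)
    spent = set()     # outpoints consumed by some input
    revealed = set()  # addresses that have signed at least one spend

    for tx in txs:
        for index, (addr, amount) in enumerate(tx["outputs"]):
            created[(tx["txid"], index)] = (addr, amount)

    for tx in txs:
        for outpoint in tx["inputs"]:
            spent.add(outpoint)
            if outpoint in created:  # inputs from outside the sample are skipped
                revealed.add(created[outpoint][0])

    at_risk = defaultdict(int)
    for outpoint, (addr, amount) in created.items():
        if outpoint not in spent and addr in revealed:
            at_risk[addr] += amount
    return dict(at_risk)


if __name__ == "__main__":
    for addr, amount in exposed_balances(SAMPLE_TXS).items():
        print(f"{addr}: {amount} satoshi protected only by the signature scheme")
```

Coins at `addr_fresh2` and `addr_fresh3` are not reported because no spend from those addresses has published their keys.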