Thanks. A beautiful and detailed answer. Now I agree that for P2SH addresses there really is a need to use a longer hash.
20 bytes is enough for someone who is creating their own address from a private key and doesn't involve someone else. You get 160-bit security in that case (which is higher than the 128-bit security from the signature algorithm).
One size fits all means that people don't accidentally use the wrong hash size in the cases where there is a weakness. It also reduces code complexity.