The biggest and really significant weakness of BTC is SHA-256, that is ASICs (which are a very genuine threat feasible for any dedicated attacker, getting a design and building a semiconductor fabrication plant can be had for a few $M). All renowned cryptographers agree that scrypt is far superior.
It is fairly easy to make a scrypt ASIC the only factor is cost. However the scrypt used in LTC (and clones) was modified to make it about 10,000 less memory hard then the recommended default value. LTC scrypt uses about 32KB of memory, a token amount in ASIC design. LTC likely will never become popular enough to warrant the kind of investment but if it does ASIC builders will move to that chain as well.
Your last line is a false statement. Please provide this extensive list of renowned cryptographers who believe scrypt is far superior. Scrypt has been far less extensively studied than SHA and thus has a higher risk of a cryptographic flaw. Of course SHA could also be flawed but other than maybe MD5 or AES there aren't many algorithms with more peer review. Extensive and long peer review is mandatory to ensure cryptographic strength.
The first paper on scrypt was published less than 5 years ago and that is a tiny amount of time in the field of cryptography. Also LTC (and clones) use a modified version of scrypt which is significantly less "memory hard" by a couple orders of magnitude. The LTC developers are not world renowned cryptographers, there has been no extensive peer review of the effect of these modifications. There has (AFAIK) been a single academic paper on the potential risks.
Simple version: In cryptography tried and true is superior to new and flashy. In time scrypt "may" become the defacto standard for key derivitive functions but that day isn't today.