Let me make this real clear: SHA256 is part of the cryptographic underpinnings of bitcoin itself.

All the client software and exchangers and third party sites and password practices of users themselves are a completely different problem and horribly insecure by comparison.

But SHA256? No worries. It won't be broken in a way useful for forging bitcoin transactions any time this decade, and probably not this century or the next...