Partially it's because we're talking about two different situations. I'm thinking mainly of someone actively trying to attack ECDSA, and the lockers symbolize private keys, not addresses or public keys. You seem to be thinking mainly about two people accidentally generating the same address.

In symmetric crypto, if there are no other weaknesses, then a key length of N bits means that you have to search through O(2^N) keys in order to break the cipher. There is no faster way on classical computers. This sort of perfect cipher is used as the security standard for all crypto; when someone says that something has 128 bits of security, they mean that it has the same security as a perfect symmetric cipher with 128-bit keys. My analogy is meant to illustrate that breaking Bitcoin's ECDSA is roughly O(2¹²⁸).

All asymmetric crypto has worse security efficiency than the perfect symmetric cipher. In the case of elliptic-curve crypto, a key length of N bits implies an equivalent security (vis-à-vis the perfect symmetric cipher) of no more than N/2 bits because there are known algorithms for solving the underlying elliptic-curve discrete logarithm problem in O(sqrt(n)) on classical computers. (Also, it's completely broken on quantum computers.)

If you're interested in an attacker who only has an address to work with, without any ECC stuff (ie. unused addresses), then 2¹⁶⁰ is a reasonable number. If you're considering collisions, which cannot usually be useful to an attacker, then 2¹⁶⁰ is OK, but then you need to consider the birthday problem. If someone really wanted to find a collision, then it probably can be done in a human lifetime, but almost certainly they would collide two of their own addresses, not one of theirs with someone else's.