I've long thought there should be a spot for a PGP fingerprint.
PGP fingerprints are SHA-1, which is insecure. The OpenPGP standard really needs a complete new revision...
Is it really insecure in this context?
To my knowledge the only problem with SHA-1 so far is collision. Considering SHA-1 is 160-bit and there is a known structural weakness, it has a time complexity of 2^63, which is very fast. But in this context the security depends on the ability to find a second preimage (since the message, aka the pubkey, and the hash of it are already known), and there have been no weaknesses found to help perform this any faster, so this has a time complexity of 2^160, which makes it expensive enough to be secure.
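The collision versus second-preimage distinction discussed above, as an added example that is not part of the original thread: it computes the RFC 4880 v4 fingerprint (SHA-1 over 0x99, a two-byte length and the public-key packet body) and compares the two search costs on a fingerprint truncated to 16 bits. Assumptions: the key bodies are constructed byte strings rather than real OpenPGP keys, the helper names are hypothetical, and the collision search is the generic birthday search, not the structural SHA-1 attack behind the 2^63 figure.

```python
import hashlib
from itertools import count

BITS = 16  # truncated width so the search finishes quickly; real fingerprints keep all 160 bits

def v4_fingerprint(key_body: bytes) -> bytes:
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, 2-byte length, public-key packet body."""
    return hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).digest()

def truncated(key_body: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of the fingerprint, as an integer."""
    return int.from_bytes(v4_fingerprint(key_body), "big") >> (160 - bits)

def candidate(i: int) -> bytes:
    """Constructed stand-in for a key packet body (not a parseable OpenPGP key)."""
    return b"constructed-key-body-" + i.to_bytes(8, "big")

def find_collision(bits: int = BITS):
    """Both inputs are free to choose: birthday search, about 2**(bits/2) tries."""
    seen = {}
    for i in count():
        t = truncated(candidate(i), bits)
        if t in seen:
            return candidate(seen[t]), candidate(i), i + 1
        seen[t] = i

def find_second_preimage(target_body: bytes, bits: int = BITS):
    """One input is fixed (the already-published key): about 2**bits tries."""
    want = truncated(target_body, bits)
    for i in count():
        c = candidate(i)
        if c != target_body and truncated(c, bits) == want:
            return c, i + 1

if __name__ == "__main__":
    a, b, n_coll = find_collision()
    victim = b"constructed-victim-key-body"  # constructed sample input
    other, n_pre = find_second_preimage(victim)
    print(f"collision after {n_coll} tries (2^{BITS // 2} = {2 ** (BITS // 2)})")
    print(f"second preimage after {n_pre} tries (2^{BITS} = {2 ** BITS})")
```

Raising `BITS` by one roughly doubles the second-preimage search but multiplies the collision search by only about 1.4, which is the gap the comment relies on.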