SHA-1 & SHA-0 have been found to be vulnerabe.
I'd say: Performance-wise for most year 2008 hardware when there were more x86-based PC than 64bit.
SHA512 might be faster for 64bit systems but SHA256 is better for 32bit... Also the bandwidth.
Both have ties to NSAOut of all possible options at the time, why did he go for sha256 given its ties to NIST/NSA?
I have a feeling that this isn't about the technicalities but some sort of conspiracy theory?
Ask him directly:
Satoshi