I'd say the # of people trying to hack p2sh scripts by finding collissions is a far smaller subset of folks than those trying to hack bitcoin private keys.
You don't need to "hack" a script to find a P2SH address collision. All you need is a locking script which hashes to the same final address. The locking script could be as simple as a signature from a single private key (i.e. just the same as a standard legacy address). Currently more people are probably trying to find collisions with legacy addresses since as a set legacy address still contain the most amount of value when you consider all the early untouched coins, along with insecure brain wallets generating legacy addresses. Who knows if this will change in the future as segwit addresses become the most common.
It all has to do with the risk:reward ratio.
There is no reward. You will never find an address collision unless the address has been generated in an insecure manner.