Compatibility and transitions are a thing. If you want to add a note to the sha1 page that Google spent $110K to find one sha1 collision, fine. md5 is much less secure than sha1, yet there are still uses for it today. You can't just say "from today on, this hash can never be used again, anywhere". Hashes get stored. We have to deal with that.
Some details about Google's collision from their blog post: We then leveraged Google’s technical expertise and cloud infrastructure to compute the collision which is one of the largest computations ever completed. Here are some numbers that give a sense of how large scale this computation was: * Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total * 6,500 years of CPU computation to complete the attack first phase * 110 years of GPU computation to complete the second phase" I agree with you about the secureHash name. I never liked it because it's too vague. I realize that it is Nim style to not use module names, but to me, sha1.hash(data) is a lot easier to read than secureHash(data) and knowing that secureHash comes from the sha1 module.
