
It's mostly historical, but also supported by the assumption that Linus thought about it when *he* decided to use sha1 for the same purpose.

With all due respect, "Because Linus did it." is a bad reason. To think no further than that would be irresponsible, even if Linus had just now made his decision, and even if Linus were a security expert.

But in any case, there has been a significant new result making SHA-1 cracking practical *since* Linus made that decision, and Linus is not (and does not claim to be) a security expert.

Here are the comments from some people whose opinions about security you should trust -- Bruce Schneier and Jon Callas. Note the timestamps. Linus chose SHA-1 for git in 2005-04.

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
http://article.gmane.org/gmane.linux.kernel/294596/match=git
http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html

Regards,

Zooko