If you remove things from the instruction set, any code that uses them will either crash or run very slowly in emulation.
Most uses of special instructions will check feature bits or CPU version, but not all will do so correctly.
(I'd say that the additional area cost of something like this is small, and the big cost of special instructions is reserving opcodes and feature bits)
Short story: because its role as a crypto hash function is sort of obsolete given that it's been proven to be broken, and faster, more secure alternatives exist.
But for all practical purposes, SHA1 isn't about to disappear. MD5 has been shown to be broken since forever and people still write new code using it today.
The thing with SHA-1 is that we know (and have known for a decade) that is not a good cryptographic hash function. It is still, along with MD5, a good hash function if you control the input, i.e. in a hash table.
Yes, but those are widely implemented and thus available more or less everywhere. I'd rather use a slightly less ideal hash function, than use an untested one.
Most uses of special instructions will check feature bits or CPU version, but not all will do so correctly.
(I'd say that the additional area cost of something like this is small, and the big cost of special instructions is reserving opcodes and feature bits)