"Any normal person can brute force millions of SHA-1 hashes (salted however much you want) per second on a GPU."
This is not true of bcrypt.