I already asked in the comments of the original article how many rounds of sha1 are used. SHA-1 still isn't the best, since it yields to FPGA attacks, but a single round can brute-force all 8 character passwords in less than 2 days on a GPU. My guess is that 10k rounds of sha-1 would probably not be feasible for non-dictionary attacks without specialized hardware.
You can salt all you want, but an 8 character password with a single round is going to fall very, very fast. Salt, being public, has nothing to do with it.
It does however mean you have to spend two days per password, rather than two days for the entire user base, or ten minutes with a pre-existing lookup table.
In my opinion it is not. Here is the common use case for people: 66% of them use 8 character or less passwords. Forget about the common longer passwords like "letmeinplz" just doing a brute force would give them 66%. In terms of loss, even 1% of passwords being compromised is bad since many people use the same password for multiple things.
Now, how long would it take for people to take down bcrypt? in the scale of time bcrypt is all the way over there -> from SHA1 and cleartext. Bcrypt will protect you even as computers get faster. SHA1 a couple decades from now will be be compromised for 9 or maybe even 10 characters. No way with bcrypt.
Your second point makes no sense, bcrypt factors are manually increased and require a new write for every item in the store. If we time capsule the SHA1 hashed db of passwords and the Bcrypt db for 10 years you cannot prove that the SHA1 database will be more easily compromised than the Bcrypt database. There may be a cryptographic break in blowfish in the time.
They don't mention a work factor for their SHA1 hash storage, they could be using PBKDF2 for all we know.
If you're looking for something to pick on about Linode here, go after something else, this isn't the worst thing to come out today.