It's worth noting that Git's hashes guard against accidental corruption; they aren't widely thought to be strong against attack by an intelligent adversary.
That's true, and AFAIK Linus says much the same. SHA1 is used for practical purposes and not security in the face of a determined attacker with cryptanalytic ability.