by njohnson41
4048 days ago
Cryptographic constructions using block ciphers generally rely on the block cipher never having the same input twice with the same key in order to satisfy security models. If you're feeding effectively random data into the block cipher (like if you're using CBC), then because of the birthday paradox, you get at most about 2^32 blocks (far fewer in practice at a good security level) per key if you have 64-bit blocks. This is low enough to be annoying for designers or problematic for suites that don't rekey correctly. However, because CTR (or GCM) mode uses sequential inputs to the cipher, I think that a 64-bit block size would not be a problem there. At that point, the reason not to use 64-bit block ciphers is because they're all older, weaker, and less-supported than AES-128.
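An added example (written for this page, not part of njohnson41's comment) that puts numbers on the birthday bound the comment describes and runs a scaled-down simulation of the CBC-versus-CTR point. Assumptions the comment does not state: the block cipher is modelled as a permutation, so two cipher inputs collide exactly when the two outputs do, which means only the inputs need to be simulated and no real cipher is run; 2^-32 is taken as the "good security level"; the 24-bit block size and 2^18-block budget in the simulation are constructed values chosen so it finishes quickly. Function names are my own.

```python
"""Birthday-bound arithmetic for block ciphers, plus a small simulation
contrasting random cipher inputs (CBC-style) with sequential ones
(CTR-style).  Assumption (mine, not from the comment): the block cipher is
a permutation, so two inputs collide iff the two outputs do; the simulation
therefore tracks inputs only and never runs a real cipher."""

import math
import random
from typing import Iterable, Iterator, Optional


def birthday_bound(block_bits: int, collision_prob: float) -> float:
    """Number of random n-bit blocks after which the probability that some
    pair collides reaches `collision_prob`, using the standard approximation
    q ~= sqrt(2 * N * ln(1 / (1 - p))) with N = 2**block_bits.
    For p = 0.5 this is about 1.18 * 2**(block_bits / 2)."""
    if not 0.0 < collision_prob < 1.0:
        raise ValueError("collision_prob must be in (0, 1)")
    space = 2.0 ** block_bits
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - collision_prob)))


def bytes_for(blocks: float, block_bits: int) -> float:
    """Plaintext volume in bytes processed by `blocks` cipher calls."""
    return blocks * block_bits / 8


def random_blocks(block_bits: int, count: int, seed: int = 0) -> Iterator[int]:
    """Stand-in for CBC: every cipher input is an unpredictable n-bit value
    (plaintext XOR previous ciphertext block).  Seeded for reproducibility."""
    rng = random.Random(seed)
    for _ in range(count):
        yield rng.getrandbits(block_bits)


def counter_blocks(block_bits: int, count: int) -> Iterator[int]:
    """Stand-in for CTR: cipher inputs are nonce||counter and simply count
    upward, so no input repeats until the whole 2**block_bits space is used."""
    if count > 2 ** block_bits:
        raise ValueError("counter would wrap; CTR must rekey before this point")
    return iter(range(count))


def first_repeat(blocks: Iterable[int]) -> Optional[int]:
    """Index of the first cipher input already used under this key, or None.
    A repeated input means a repeated ciphertext block in CBC (leaking the
    XOR of two plaintext blocks) or a repeated keystream block in CTR."""
    seen = set()
    for i, b in enumerate(blocks):
        if b in seen:
            return i
        seen.add(b)
    return None


if __name__ == "__main__":
    for n in (64, 128):
        q50 = birthday_bound(n, 0.5)
        qsafe = birthday_bound(n, 2.0 ** -32)   # 2^-32: assumed "good" level
        print(f"{n}-bit blocks: 50% collision after ~2^{math.log2(q50):.1f} blocks "
              f"({bytes_for(q50, n) / 2**30:.1f} GiB); "
              f"2^-32 collision after ~2^{math.log2(qsafe):.1f} blocks "
              f"({bytes_for(qsafe, n) / 2**20:.2f} MiB)")
    # Constructed scaled-down simulation: 24-bit blocks, 2^18 blocks per key.
    print("random inputs, first repeat at:", first_repeat(random_blocks(24, 2 ** 18, seed=1)))
    print("counter inputs, first repeat at:", first_repeat(counter_blocks(24, 2 ** 18)))
```

With 64-bit blocks the 50% figure lands just above 2^32 blocks (roughly 38 GiB under one key), while holding the collision probability to 2^-32 allows only about 2^16.5 blocks, under 1 MiB; that gap is what "far fewer in practice at a good security level" amounts to. In the simulation the random (CBC-style) inputs repeat after a few thousand of the 2^24 possible values, whereas the counter (CTR-style) inputs never repeat within the budget, because a counter only collides once it wraps.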