Just as everybody else and his dog, I too will mention that it seems SHA-1 has been broken, more or less. Bruce Schneier is probaby the best source on the subject.
A brute force attack on SHA-1 would take 280 operations, the not yet really published paper reduce this to 269, still quite a lot, as illustrated in jlouis' literate Haskell mail. But it is a major thing, we're now left with RMD-160 for really sensitive applications, and it is slower than MD5 and SHA-1:
Running md5 -t http://www.openbsd.org/cgi-bin/man.cgi?query=md5 MD5 time trial. Processing 10000 10000-byte blocks... Digest = 52e5f9c9e6f656f3e1800dfa5579d089 Time = 1.454656 seconds Speed = 68744775.397070 bytes/second
Running sha1 -t http://www.openbsd.org/cgi-bin/man.cgi?query=sha1 SHA1 time trial. Processing 10000 10000-byte blocks... Digest = 74a57b897cc581defa5b3a359fa762a1b83a60e8 Time = 2.524668 seconds Speed = 39609168.413431 bytes/second
Running rmd160 -t http://www.openbsd.org/cgi-bin/man.cgi?query=rmd160 RMD160 time trial. Processing 10000 10000-byte blocks... Digest = 844da858884a72f265e35fd52b5ac88d27154417 Time = 4.010691 seconds Speed = 24933359.363761 bytes/second
It may be OpenBSDs implementation that suck, but I doubt it.
I can't remember reading about a practical application defaulting to RMD-160, but I guess it may start to happen. The silver lining is that it doesn't affect HMAC as used in IPsec, so I guess it ain't all bad.