I can't really speak to why SHA-1 is the hash of choice, however for BladeLogic's purposes, it seems very safe.
When they talk about a cryptographic hash being broken, that doesn't necessarily mean we can reverse what is hashed and extract keys. In the case of SHA-1, we actually can't do that. The papers released on SHA-1 describe how it is possible to determine collisions in something like 263 rather than 280 (brute force). That's still a massive amount of computation, and the best our attacker could hope for is a collision (meaning he now has another value, which could be garbage, that has the same hash as the one he is exploiting...or she). This could be a problem in cases where digital signatures are used. If I recall, if you have 10,000 custom ASICs that can each perform 2 billion hash operations per second, the attack would take about one year.