Considering the collision exploit that set this whole thing off has only just been carried out in practise at a cost of $7.4m I'd tend to agree with you...
How we got here:
We have known for more than 10 years that SHA-1 is weaker than intended. The result of this weakness is that eventually, using the same approach as in Google's Proof Of Concept this week, bad guys would be able to make two documents which SHA-1 treated as the same, if the documents were SSL certificates instead of PDF files, this would enable bad guys to present one certificate to be signed, but then actually use the signature on a different certificate. Like if you got some fool to sign a blank cheque.
This really happened for SHA-1's predecessor, MD5, academic researchers got themselves a bogus certificate this way in 2008, and James Bond types seem to have done it again in the "Flame" malware program which has a fake Microsoft certificate. Both were MD5 which we knew should have been phased out but it wasn't for ages.
By 2014 it was apparent that this would happen soon for SHA-1 too. Certificate Authorities agreed to stop issuing all SHA-1 certificates before 2016, and Browser vendors agreed to stop accepting these certificates in 2017.
The idea was that if you can't get a new certificate, you can't use the attack (you can't use this attack on an existing certificate, it's just a way to trick people when issuing a new one), and if browsers stop trusting the certificates, there will be no incentive to break the rules and issue one anyway. During 2016 we had a few dozen incidents where we caught CAs issuing old SHA-1 certificates "by mistake" and some got in lots of hot water for it, but overall things went pretty well.
So, the DSL checker site isn't "more vulnerable" per se as a result of this old SHA-1 certificate, but we had to mark it as untrusted or else the whole web is effectively left vulnerable. It's like the way Australia was really angry about Johnny Depp's dogs. _Those_ dogs were probably fine on their own, but Australia needs strict rules to protect the weird Australian native wildlife, so it can't just let people disobey the rules like it's no big deal.
BT will have been told, repeatedly, by their vendors to fix this, most certificate vendors offered free re-issues to anyone who might be affected. But I guess no-one at BT cared.