OpenPGP/GnuPG uses SHA1 by default

Apparently they prefer SHA1 over stronger hashing methods(SHA512, SHA256) by default. Instructions to change default settings and change preferences for existing keys can be found here:
https://www.apache.org/dev/openpgp.html#sha1

 

Why is this 'important' from a security-perspective ?

 

I'm not sure on the exact consequences as it's all very technical(https://en.wikipedia.org/wiki/Digital_signature How they work part), but I would think that too weak hashing could at least mean possible faking of signatures.

 

I seriously doubt that, because a pgp-signature 'uses' either RSA or DSA .

Also :

And that doesn't in any way mean you can just 'fake' a pgp-signature .
I'm not even sure the NSA can !

I worry a lot more about this iApple-'invention', US patent 7734048 :

 

Perhaps there are other security consequences. Attacks may not be practical, but better safe than sorry.
Besides, when attacks do become practical, it will take quite a while before SHA2 widely used. New versions of software which use SHA2 by default must be released, users must update their software, users must generate new keys or edit current ones etc.

Both Microsoft and NIST want to deprecate SHA1:
http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

That iBack-door sounds nasty.