The 80-bit collision attack only applies to jointly constructed addresses like multisig P2SH, not single-key ones.
That’s the part I’m less convinced about, and why I asked the original question re SHA1 vs RIPEMD.
I’m checking my own numbers (and as you’ll appreciate it’s a powers of ten thing), but I do see a vector. Which would mean that if RIPEMD were weakened in any way, single-key transactions could suddenly become badly exposed.