I don't think it's particularly bad for this use-case: the easy failure scenario someone can do now is that a site operator could make two URLs that the extension considers to be the same and shows the same comments for, and the worst-case scenario is that someone makes a URL the extension considers the same as someone else's URL.

But regardless, it's weird that anyone would reach for SHA-1 for anything new now.