
This feels like a trap people fall into when considering how attacks work. You're right, any one instance of active TLS interception is vanishingly unlikely to be detected. But an adversary conducting that attack at any kind of scale will be deploying instances of that attack regularly. The cost of detection can be very high --- it's not "public opprobrium", as so often seems to be the mental model on HN, but rather disclosure of sources and methods to other adversaries, who are themselves exquisitely well equipped both to detect stuff and also to work back to expand the scope of tradecraft lapses in drastic and surprising ways.

Here, though, it's even simpler: you're positing an attacker who is exploiting a cryptographic vulnerability unknown to science simply in order to conduct an individual TLS interception. The consequences of the disclosure of such an attack --- one that would be discernible by amateurs --- go far beyond what curves people select in the future.




The US and a few others routinely sink billions of dollars into weapons systems they'll only ever be able to use once, like strategic nuclear submarines.

So the fact that a backdoor could only be used briefly until it was discovered doesn't mean that some agency wouldn't invest a lot of effort into developing it, just in case.


Have you read Koblitz and Menezes on this? Section 3.1 goes into more technical details, which are worth reading and easy to follow.

https://eprint.iacr.org/2015/1018.pdf


The US sinks billions into strategic weapons so that it doesn't have to use them.



