Well there are plenty of use cases where performance isn't the limiting factor. To encrypt a message to my lover, I would be happy to wait multiple seconds - which at 3 Ghz is tens of billions of math operations for a message perhaps just a few paragraphs long.
Give people the option between "wait 3 seconds" or "the FBI can read your love letter in a decade", I'm pretty sure most people would choose to wait. Yet programmers have already chosen the other option for the user by picking nearly-broken crypto.
No, they haven't. This isn't an accurate framing of how attacks on cryptography work. Ironically: the subject of this thread would probably be pretty helpful in understanding why.
Give people the option between "wait 3 seconds" or "the FBI can read your love letter in a decade", I'm pretty sure most people would choose to wait. Yet programmers have already chosen the other option for the user by picking nearly-broken crypto.