The thing is that there is not actually a lot you can do with an SHA1 hash collision. Sure, you may be able to impersonate a site by use of a fake certificate. But these are around anyways because of CAs with shoddy security and governments that do not understand the value of security and just coerce CAs in giving them out. So an SHA1 collision is actually a bit of overkill for that and likely the most expensive option by a large margin. So what else is left? I do not see anything.
Sure, if this was something Jonny hacker could do in his basement in a week and it was a one-sided collision (i.e. one document is already given when the attack starts, two-sided collisions where you create both documents are much, much easier to do), this may be some not very serious threat, but even that is not the case here.
What remains is a stunt that at best helps to estimate the difficulty of a not very relevant attack. Not that this is actually bad, good researchers demonstrate what their theories mean and a stunt is one form to do it, but the implications of this one are pretty minor.