
The final line refers to agl's "maybe skip SHA-3" blog post. I think there is a lot of FUD about SHA-3 (including SHAKE) being too slow for mortals to use; I'm guessing the Keccak team is pushing back with some marketing. Honestly, this is how the world works. Nobody understands anything about crypto, and people take decisions based on standards and public opinions (which are often based on articles and blog posts). If you want your primitive to have some weight, you have to give people an excuse to use it.



Bad press can kill a primitive even if it's incorrect. The Keccak guys had this happen to them with Noekeon.

They're still sore over it, presenting this about 10 years later: https://www.cryptolux.org/mediawiki-esc2010/images/7/7a/Noek...

To be honest, if I'd design something this elegant, and nobody considers it because of an irrelevant attack, I'd be very sore and alert for it happening again, too.



