it's always unsettling seeing a governmental or otherwise undisclosed institution developing such cryptographic breakthroughs in secrecy. this leaves me as a developer with inferior tools to protect my data against any kind of intrusion. it’s understandable from a national perspective but unfortunate for the programming community at large. so far we still have bcrypt or scrypt - but who knows, maybe someday we'll have an efficient collision attack there as well...
The fascinating thing is that strong commercial/public cryptography has only really become a "thing" in the past couple of decades; it used to be nearly exclusively the domain of governments, which is why even today there are still residual export controls on strong cryptography.[1]
The "programming community's" threat model in cyberspace is no different than anyone's threat model in meatspace. If a well funded government decides you are an enemy of the state they can harm you in meatspace or cyberspace. Are you staying up at night worried about a hellfire missile coming in your window?
the great thing about the internet is that it puts you as a citizen in a superior position to your local government (assuming you can somehow hack your way thru government controlled routers, which is in most cases trivial), because thanks to the anonymous nature of the web and the global access to it you can circumvent any national censorship and expose any kind of unjustice happening in your own country. those kinds of cryptographic attacks reduce anonymity on the web and make internet users an easier target for national espionage. as internet citizens (or netizens) it would just be nice if we could keep the upper hand in this game.
This is why Sergey Brin is netizen hero number one in my book. He actually cares, at a visceral level, about this and has taken actions to protect the net.
His fear stems from the fact that most people believe they have a right to the Internet and are essentially anonymous.
To respond to your hellfire missile analogy, if I am in Canada or the US, I'm not worrying about it but if I'm in the middle east, it's a different story.
And I am saying that he does not have to worry about NSA, Mossad or The Secret Army of Northern Virginia spending years to develop Flame 2.0 so they can read his email. On the flip side if you are a high level enemy of the state you should still be worried if you are in Topeka or Ottawa; if its not a hellfire coming in the window it will be equally lethal scary rough men dressed in black.
On the other hand, keeping data safe from (known and unknown) attacks is also in the interest of such institutions. So I guess it goes both ways. (See: NSA "suggesting" IBM's DES use modified S-boxes, for (at the time) undisclosed reasons)
