With the current deprecation and future (2014) disallowing of SHA-1 for digital signatures by NIST recommendations, we should add SHA-1 to the default blacklist.
This is probably not appropriate for any release that occurs before the start of 2014.
When we do this, it is probably also worth introducing something to allow people to easily remove SHA-1 from the blacklist without exposing themselves to all other blacklisted algorithms. So, although it would be possible to get the effect like this:
...that seems counterintuitive and it would be better to introduce something like this instead: