v2 doesn’t realistically add anything important for functionality. sha256 is nice to have, but the chances of an actual attack on a sha1 chunk are still bafflingly remote. sha1 might be technically broken but in order to actually attack a sha1 torrent you need to generate a collision that is not only the same sha1 (which is still extremely rare and hard, only the fact that it’s proven possible at all makes it “broken”) but also within the same expected length of the torrent, otherwise any decent client should reject it for being too long, and they must reject it because otherwise they would be vulnerable to a denial-of-service attack from any bad actor who sends infinite length chunks and copyright trolls would be having a field day. I’m not a security expert but I write enough software to be fairly confident that I’m not wildly off base. In the event that somebody comes up with an actual realistic sha1 attack on bittorrent probably because of some weak/stupid client, and proves me wrong, attitudes might change quickly but I also suspect it will quickly be patched or vulnerable clients banned. If it’s pretty widespread I’m sure it will light a fire to migrate to sha256 but the actual risk remains, as far as I can tell, infinitesimal.

Until then, the v2 protocol doesn’t add anything except compatibility headaches for private trackers. I’m sure they’ll get to it eventually, but there’s no urgency and there’s not going to be unless there’s a viable attack to drive that urgency. Latest version for latest version’s sake comes with its own set of risks.