AFAIR, RedHat pushed for NSS because it has a FIPS certification and thus would make it easy to get RHEL FIPS certified. I don't know whether this is still the plan; I heard that they now plan to move all crypto into the Linux kernel to satisfy newer FIPS requirements.
Crypto usability is more important than discussions on whether SHA-1 or SHA-256 is appropriate. Actually everything should work without any user interactions. We are far away from such a goal.
For what do you really need PKCS#11? Shall we discuss this on a ML and see whether we can do something about it?