
Deprecation makes sense even though in theory there is no problem

Posted Feb 15, 2020 22:48 UTC (Sat) by tialaramex (subscriber, #21167)
In reply to: OpenSSH 8.2 released by iabervon
Parent article: OpenSSH 8.2 released

It's the same thinking as for the Web PKI prohibiting SHA-1 years back. A cryptographic hash makes certain promises, SHA-1 is broken and can't fulfil some of those promises. Continuing to rely on the bits that don't seem broken yet is a bad gamble, for which you will pay very dearly if you guess wrong. So don't guess.

OpenSSH has some of the same safeguards as the Web PKI. The values to be signed (and which thus an attacker must guess when constructing their collision) are randomly chosen by somebody else. So _if_ everything works as intended, an attacker has essentially no chance to successfully use any type of collision against you. But the necessity of using truly random values often escapes people; it's the kind of thing that is often disrupted by other seemingly minor security problems - and so we should avoid depending on it as much as possible.

In the Web PKI, X.509's Serial Number field is required to be chosen randomly (if you ever looked at the Serial Number on a certificate you've got, that's why the number was crazy). OpenSSH's hand-rolled certificate format was designed much later and so it has an explicit "nonce" field which is defined to be filled out with random data. But in both cases, of course, things can go wrong; better not to tempt fate.
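The safeguard the comment describes, and the way it fails when the "random" value is predictable, can be shown with a toy model. The following is an added example and is not code from the comment, from OpenSSH or from any CA software: it uses a deliberately weak hash (SHA-256 truncated to 24 bits, standing in for a broken hash) so a collision pair is cheap to find, and a keyed MAC standing in for a real signature. The signer prepends a nonce to the to-be-signed bytes, mirroring the random X.509 serial number or the OpenSSH certificate nonce; the key, message layout and nonce values are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed toy parameters: a 24-bit digest makes birthday collisions cheap,
# and the "signing key" is a placeholder, not a real private key.
WEAK_HASH_BYTES = 3
SIGNING_KEY = b"hypothetical signer key (constructed)"


def weak_hash(data: bytes) -> bytes:
    """Stand-in for a broken hash: SHA-256 truncated to 24 bits."""
    return hashlib.sha256(data).digest()[:WEAK_HASH_BYTES]


def sign(tbs: bytes) -> bytes:
    """Signature over the digest of the to-be-signed (TBS) bytes, as real
    signature schemes do; a keyed MAC stands in for RSA/ECDSA here."""
    return hmac.new(SIGNING_KEY, weak_hash(tbs), hashlib.sha256).digest()


def verify(tbs: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(tbs), sig)


def find_collision(prefix: bytes) -> tuple[bytes, bytes]:
    """Attacker side: birthday search for two distinct messages with the same
    weak_hash. Both start with `prefix`, the attacker's guess of whatever the
    signer will put in front of the request (empty if they cannot predict it)."""
    seen: dict[bytes, bytes] = {}
    counter = 0
    while True:
        msg = prefix + b"|req:" + counter.to_bytes(4, "big")
        h = weak_hash(msg)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
        counter += 1


def issue(request: bytes, nonce: bytes) -> tuple[bytes, bytes]:
    """Signer side: TBS = nonce || request. An empty nonce models a format
    with no signer-chosen randomness at all."""
    tbs = nonce + request
    return tbs, sign(tbs)


def random_nonce(length: int = 16) -> bytes:
    """What the signer should use: randomness the requester cannot predict."""
    return os.urandom(length)


def collision_forgery_works(attacker_prefix: bytes, signer_nonce: bytes) -> bool:
    """Can a precomputed collision pair transfer a signature obtained on a benign
    request onto a different request? attacker_prefix is the attacker's guess of
    the signer's nonce; signer_nonce is what the signer actually uses."""
    benign_msg, evil_msg = find_collision(attacker_prefix)
    # The attacker submits only the part after the guessed prefix; the signer
    # prepends its own nonce before hashing.
    benign_req = benign_msg[len(attacker_prefix):]
    evil_req = evil_msg[len(attacker_prefix):]
    _tbs, sig = issue(benign_req, signer_nonce)
    forged_tbs = signer_nonce + evil_req
    return verify(forged_tbs, sig)


if __name__ == "__main__":
    # No nonce: the collision pair is signed and verified as-is -> forgery works.
    print("no nonce          :", collision_forgery_works(b"", b""))
    # Unpredictable nonce: the attacker's pair no longer collides once the
    # signer's random bytes are prepended -> forgery fails.
    print("random nonce      :", collision_forgery_works(b"", random_nonce()))
    # Predictable "nonce" (a counter the attacker can guess): they simply fold
    # it into the search, and the safeguard evaporates -> forgery works again.
    guessable = b"serial=0001"
    print("predictable nonce :", collision_forgery_works(guessable, guessable))
```

The third case is the failure mode the comment warns about: the nonce or serial number only helps while it is genuinely unpredictable to the party requesting the signature, so any bug that makes it constant, sequential or otherwise guessable silently removes the protection.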

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds