People use DSA for the same reasons they use RC4, 3DES, and MD5: that's what the other party's 10 year old legacy platform that will never be updated supports.

Then those others parties get hacked to hell and put out statements such as "We care deeply about our customers' security!"

It's a hard call for service providers. Sort of catch-22. They have to support old ciphers because most of their possible customers are running old software or operating systems that don't support newer ciphers. So to make money they're effectively forced to take a more insecure position. They can care deeply about customer security, while effectively being forced to offer only the most secure that their customers will support, and having to accept that ugly compromise as a necessity of remaining in business.

Setting up a proxy for those customers is possible. Different end points for those customers is possible. Reverse proxy is not such a hard setup task these days.

But really it's about everyone just being human, and therefore crap at these things. Once security 'products' realise this, and cope well with people being rubbish at their jobs, then those products will make a lot of money... If only the people measuring ROI were also not rubbish at their jobs... ;)

Only if you care about performance. But not everybody is happy about the chosen magic curve parameters, which could include backdoors.