Remember that if you are trusting the cert itself this is irrelevant because you aren't verifying the chain (which is the part using the SHA1 hash). I presume this is what most embedded devices do. But yes, if you imported a SHA1 root you should probably consider distrusting it.