1024 bits was pretty strong 10 years ago when they wrote the initial code. Since then they've been delaying the inevitable because 1024 bits was "good enough" and existing hidden services would be screwed. Now it's getting dangerously close to not being good enough anymore. Sure, it's well known that RSA is weak to quantum computing. The good news is that people are already working on algorithms that are resistant to it: https://en.wikipedia.org/wiki/Post-quantum_cryptography