With regard to the weak key blacklists, it's about trying to model an attacker's strategy. Since certain weak keys (like the Debian ones) actually were used by large numbers of real sites (due to software bugs), it's likely that an attacker would know about those particular keys and be able to find or derive their private keys easily.
Of course, if there are other RNG bugs that we don't know about, there could be more overlap in the distribution of real-world key generation than we would expect (where we would expect to see approximately no duplication, ever, due to the unfathomably enormous number of 1024-bit primes). Hopefully security researchers are using the Censys and/or CT logs to continue investigating that possibility!
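The two checks discussed in this post, as an added example that is not part of the original post: a lookup against a list of known-weak keys, and a scan for unexpected overlap (a duplicate modulus or a shared prime) with keys already seen. The fingerprint format, the function names and the toy moduli are assumptions constructed for illustration; real RSA moduli are 2048 bits or more.

```python
import hashlib
from math import gcd

def fingerprint(n: int) -> str:
    """SHA-256 over the big-endian modulus bytes (assumed blacklist format)."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def audit_key(n: int, blacklist: set, seen_moduli: list) -> list:
    """Return the reasons to reject modulus n; an empty list means no finding."""
    reasons = []
    # Check 1: keys an attacker is already likely to know (e.g. from a known RNG bug).
    if fingerprint(n) in blacklist:
        reasons.append("blacklisted")
    # Check 2: overlap with previously seen keys, which a healthy RNG
    # should essentially never produce.
    for other in seen_moduli:
        if other == n:
            finding = "duplicate-modulus"
        elif gcd(n, other) != 1:
            finding = "shared-prime"
        else:
            continue
        if finding not in reasons:
            reasons.append(finding)
    return reasons

def demo() -> dict:
    # Constructed toy moduli built from small primes, for illustration only.
    known_weak = 101 * 103   # stands in for a key from a published weak-key list
    healthy_a = 107 * 109
    healthy_b = 127 * 131
    shares_prime = 107 * 113  # reuses the prime 107 from healthy_a
    fresh = 137 * 139

    blacklist = {fingerprint(known_weak)}
    seen = [healthy_a, healthy_b]
    return {
        "known_weak": audit_key(known_weak, blacklist, seen),
        "shares_prime": audit_key(shares_prime, blacklist, seen),
        "resubmitted": audit_key(healthy_a, blacklist, seen),
        "fresh": audit_key(fresh, blacklist, seen),
    }

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {reasons or 'ok'}")
```

The per-key scan is linear in the number of seen keys, which is fine for a small set but not for a corpus the size of the CT logs.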