A public key is 65 or 33 bytes long
A hash160 ( == ripemd160(sha256(x)) ) is 20 bytes long
It also adds a bit of further security. Currently you need a signature AND the public key to redeem a transaction output. So even if someone breaks secp256k1, they would have to break ripemd160 and sha256 too to redeem that output.
The exception is a public key that has already redeemed an output once; in that case it is known:
- unused address (notice "Public key: Unknown (not seen yet)")
- used address (notice "Public key: 020338ce822bbf15ef68145e0d5a4838d8a2eb746ff024c1944e8d4f49c0574c55")
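The size difference and the redeem-time check described above, as an added example that is not part of the original post. RIPEMD-160 is written out in pure Python because `hashlib` only offers it when the local OpenSSL build does; the function names `hash160` and `key_redeems` are assumptions made for this sketch, and the key is the one quoted for the used address.

```python
import hashlib, struct

# RIPEMD-160 round tables, one hex digit per round: message word order for the
# left and right lines (ML, MR) and the rotate amounts for each (RL, RR).
ML, MR, RL, RR = ([int(c, 16) for c in t] for t in (
    "0123456789abcdef74d1a6f3c0952eb83ae49f812706db5c19ba08c4d37fe56240597c2ae138b6fd",
    "5e7092b4d6f81a3c6b370d5aef8c4912f5137e69b8c2a04d86413bf05c2d97aecfa4158762de039b",
    "befc5879bdef6798768db97f7cf9b7dcbd67e9dfe8d65c75bcefef989e56865c9f5b68dc5cdeb856",
    "899bdff5778beec69df7c89b77c76fdb97fb866ecd5edd75f58bee6e69c9c5f885c9c5e68d65fdbb"))
KL = [0, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e]
KR = [0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0]
M = 0xffffffff

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M

def f(rnd, x, y, z):
    # The five RIPEMD-160 boolean functions, selected by round group 0..4.
    return (x ^ y ^ z, (x & y) | (~x & z), (x | ~y) ^ z,
            (x & z) | (y & ~z), x ^ (y | ~z))[rnd] & M

def ripemd160(data):
    h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0]
    pad = b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg = data + pad + struct.pack("<Q", 8 * len(data))
    for i in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[i:i + 64])
        al, bl, cl, dl, el = ar, br, cr, dr, er = h
        for j in range(80):
            r = j >> 4
            t = (rol((al + f(r, bl, cl, dl) + x[ML[j]] + KL[r]) & M, RL[j]) + el) & M
            al, bl, cl, dl, el = el, t, bl, rol(cl, 10), dl
            t = (rol((ar + f(4 - r, br, cr, dr) + x[MR[j]] + KR[r]) & M, RR[j]) + er) & M
            ar, br, cr, dr, er = er, t, br, rol(cr, 10), dr
        h = [(h[1] + cl + dr) & M, (h[2] + dl + er) & M, (h[3] + el + ar) & M,
             (h[4] + al + br) & M, (h[0] + bl + cr) & M]
    return struct.pack("<5I", *h)

def hash160(pubkey):
    # 33 bytes = compressed key, 65 bytes = uncompressed key; output is always 20.
    if len(pubkey) not in (33, 65):
        raise ValueError("public key must be 33 or 65 bytes")
    return ripemd160(hashlib.sha256(pubkey).digest())

def key_redeems(output_hash160, revealed_pubkey):
    # An unspent output exposes only the 20-byte hash; the key appears at redeem time.
    return len(output_hash160) == 20 and hash160(revealed_pubkey) == output_hash160

# Public key shown on the page for the used address.
PAGE_KEY = bytes.fromhex(
    "020338ce822bbf15ef68145e0d5a4838d8a2eb746ff024c1944e8d4f49c0574c55")
```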