The biggest and really significant weakness of BTC is SHA-256, that is ASICs (which are a very genuine threat feasible for any dedicated attacker, getting a design and building a semiconductor fabrication plant can be had for a few $M). All renowned cryptographers agree that scrypt is far superior.
It is fairly easy to make a scrypt ASIC the only factor is cost. However the scrypt used in LTC (and clones) was modified to make it about 10,000 less memory hard then the recommended default value. LTC scrypt uses about 32KB of memory, a token amount in ASIC design. LTC likely will never become popular enough to warrant the kind of investment but if it does ASIC builders will move to that chain as well.
Your last line is a false statement. Please provide this extensive list of renowned cryptographers who believe scrypt is far superior. Scrypt has been far less extensively studied than SHA and thus has a higher risk of a cryptographic flaw. Of course SHA could also be flawed but other than maybe MD5 or AES there aren't many algorithms with more peer review. Extensive and long peer review is mandatory to ensure cryptographic strength.
The first paper on scrypt was published less than 5 years ago and that is a tiny amount of time in the field of cryptography. Also LTC (and clones) use a modified version of scrypt which is significantly less "memory hard" by a couple orders of magnitude. The LTC developers are not world renowned cryptographers, there has been no extensive peer review of the effect of these modifications. There has (AFAIK) been a single academic paper on the potential risks.
Simple version: In cryptography tried and true is superior to new and flashy. In time scrypt "may" become the defacto standard for key derivitive functions but that day isn't today.
No, with N=1024, r=1, p=1, you end up with a 128 KB scratch pad. You can reduce this logarithmically by a factor of two by using the lookup_gap method of only the fly scratchpad reconstruction, but you also increase the computational effort exponentially by factors of two -- hence why scrypt is said to have time-memory trade-off (TMTO).
I trust Colin Percival's math on this one, and if you read the paper there are no obvious attack vectors beyond the already discovered TMTO. By using a smaller value of N you should not compromise the security of the ROMix/sCrypt algorithms, at least not in theory. Security geniuses like Solar Designer have been hammering away at sCrypt for a while and haven't discovered much else that can really be done with it.
TMTO does show that ASICs will have some advantage in power consumption and speed, but good luck achieving a 50 fold increase in speed while reducing power consumption 100 fold like we've seen with Bitcoin.
Litecoin will be here to stay for this reason alone, and there are no shortage of people willing to send thousands of dollars to the devs to keep the network operational and running smoothly.