It all comes down to key size. A 384 bit elliptical curve key is equivalent to a 7680 bit RSA key in terms of security
, and at some point (I don't know exactly where), ECC starts outperforming RSA for the same level of security.
The advantage to RSA is simplicity. RSA can encrypt arbitrary data, so it can be used directly for both signing and key exchange, and can even encrypt data directly.
ECC cannot be used to encrypt data directly, and requires separate algorithms to derive keys and generate/verify signatures.
The biggest problem with ECC is it's tangled in a web of patents, which makes implementing it risky unless you really want to spend a lot of time reading patents.
Eppur si mouve.