They did not plan to make it 128 bits. The standard output sizes have always been 224/256/384/512 as specified in the competition.
For an ideal secure hash function with 256-bit output it takes ~ 2^128 operations to find a collision, while most other attacks, like finding preimages, takes ~ 2^256.
The sponge construction Keccak uses allows you to reduce the difficulty of finding preimages in return for increased speed, by adjusting the capacity of the sponge.
The idea was to have a fixed "level of security" for each hash, based on the collision resistance, and tune the other parameters based on that. So a 256-bit output would require 2^128 operation for either a collision or a preimage attack.
Listed to tveita and go read the keccak papers, and you will know more! Fighting against NSA is great, but don't judge a new cryptographic hash on rumors.
