I’d say that with published work, you should just always use annotated tags. That extra information is never going to harm you.
Lightweight tags strike me as being more for when you’re being lazy. Maybe a temporary tag (just make sure you don’t accidentally push it; really you could just use a branch), or maybe a personal repo where there’s not much use for the extra information. My guess is that a lot of smaller projects do this too; they’re just not really concerned with the information. Probably there’s only one integrator, no one’s concerned with verifying signed tags, and they’re just simple markers of release versions. (I still think you should prefer annotated tags, just in case!)
Another way of thinking of it: lightweight tags are kind of like writing a really bad commit message. You really shouldn’t do it, but sometimes people do, usually when no one’s watching.
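
As an added example (not part of the original answer), the script below shows the difference concretely and lists the lightweight tags in a repository, a check you might run before publishing. The function names `list_lightweight_tags` and `make_demo_repo`, the tag names, and the demo identity are constructed for illustration; it assumes `git` is installed.

```shell
#!/bin/sh
# An annotated tag is its own object of type "tag" (tagger, date, message,
# optional signature). A lightweight tag is only a ref pointing at a commit.

# list_lightweight_tags REPO_DIR: print names of tags that are not tag objects.
list_lightweight_tags() {
    git -C "$1" for-each-ref --format='%(objecttype) %(refname:short)' refs/tags |
    while read -r type name; do
        [ "$type" = "tag" ] || printf '%s\n' "$name"
    done
}

# make_demo_repo: build a constructed throwaway repo with one tag of each kind
# and print its path.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    # Constructed identity; signing disabled so the demo needs no keys.
    g() {
        git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false -c tag.gpgsign=false "$@"
    }
    g init -q
    g commit -q --allow-empty -m "initial commit"
    g tag v0.1-tmp                   # lightweight: just a ref
    g tag -a v1.0 -m "Release 1.0"   # annotated: a real tag object
    printf '%s\n' "$repo"
}

demo_repo=$(make_demo_repo)
echo "lightweight tags: $(list_lightweight_tags "$demo_repo")"
# Object type each tag ref points at directly.
git -C "$demo_repo" cat-file -t v0.1-tmp
git -C "$demo_repo" cat-file -t v1.0
# The annotated tag carries tagger, date and message; the lightweight one has none.
git -C "$demo_repo" cat-file -p v1.0
rm -rf "$demo_repo"
```

Only the annotated tag can carry a signature, so `git tag -v` has nothing to verify on a tag this check reports.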