They make the key exchanges much larger for the same level of security, but the implementations are generally much harder to ensure are secure and safe as RSA is fairly susceptible to side channel attacks. The old argument that ECC is slower than RSA also starts to falter as the RSA keys get necessarily larger.