The thing with bcrypt that makes it secure is that it's much slower to compute than any of the other algorithm.
With what ever SHA version, you can just get better computers and you will be able to make a rainbow table in no time. With bcrypt it will still take ages, this algorithm is time expensive. Thus making it nearly impossible to retrieve the original passwords from the hash.
You can see this link for more information.
You can also see this thread from the Security StackExchange that covers it toroughly!
About the fact that the hash produce is smaller, well it doesn't really matters at all because as I said, if you want to find from which password does the hash comes from, it takes ages.
See this sandbox. Simply by putting the load factor over 15 will make it take more than 3 seconds to execute. Try playing around with it and you will understand why it's secure.
Code in the sandbox:
$time = microtime(true);
$pass = crypt('myNewPassword', '$2y$15$usesomesillystringforsalt$');
$end_time = microtime(true);
$diff = $end_time - $time;
echo "$pass\n$diff"
Ouput :
$2y$15$usesomesillystringforeTfp6/FuUgyb1HKFA36V9tf6Go5xlv/a
2.4688489437103
It takes 2.5 seconds for 1 hash! Imagine trying to hash millions of password!
