
Does it matter if they're strong if all they're going to do is md5 them?


Yes, absolutely.

Although MD5 is a little on the short side and collisions can be generated for it easily, it would still be a noteworthy breakthrough for someone to produce a primary preimage for MD5.

That's what it would take for someone to find a working password for your account given your salt and MD5 hash.

In other words, there are still no known cracking tools that can do much better than dictionary or brute force against MD5, so a very strong password is still very strong and a salted SHA-1 password would be only slightly stronger.


MD5 collisions don't matter for passwords, since you are very unlikely to hit one.


I think I said that. Perhaps you said it better.


I always wonder exactly what those types of sites are doing that restricts the valid character set.

I shudder at the thought that this is their way of preventing SQL injections or something like that.


Long, random strings with weird characters are unlikely to be in any md5 dictionary, so you'd have to bruteforce it. MD5 is a fast algo so that shouldn't take long for short passwords, but it does provide some security. If you've chosen a strong password then bruteforcing isn't a concern, so the fact they <s>hashed instead of encrypting</s> (edit: used a weak hashing algo) won't matter.

It's better than nothing, but not much. The fact that they md5'd it at all suggests they were thinking about security, just not very hard or well.


> MD5 is a fast algo so that shouldn't take long for short passwords

Indeed: http://www.golubev.com/hashgpu.htm

On my pair of HD 5870's I get about 6.3 billion hashes/sec - with lowercase alphanumerics, that's up to 8 characters in about 8 minutes, 9 in 5 hours, and 10 inside a week.
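The arithmetic behind the figures in the comment above, worked through as an added example that is not part of the thread, and extended to ask what password length a given character set needs before exhaustive search at that rate stops being practical. The 36-character set and the 6.3 billion hashes/sec rate come from the comment; the 95-character printable-ASCII set and the 100-year target are assumptions chosen for comparison, and the model covers exhaustive search only, not dictionary guessing.

```python
# Exhaustive-search time for a fast unsalted or salted hash at a fixed guess rate.
LOWER_ALNUM = 36        # a-z plus 0-9, the character set in the comment
PRINTABLE_ASCII = 95    # assumption: full printable ASCII, for comparison
RATE = 6.3e9            # hashes per second, the figure quoted in the comment
YEAR = 365.25 * 24 * 3600


def keyspace_up_to(charset_size, max_len):
    """Number of candidate passwords of length 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def worst_case_seconds(charset_size, max_len, rate=RATE):
    """Time to try every candidate up to max_len at `rate` guesses/sec."""
    return keyspace_up_to(charset_size, max_len) / rate


def min_length_to_resist(charset_size, seconds, rate=RATE):
    """Smallest length whose cumulative keyspace takes longer than `seconds`."""
    n = 1
    while worst_case_seconds(charset_size, n, rate) <= seconds:
        n += 1
    return n


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600),
                       ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for length in (8, 9, 10, 12):
        t = worst_case_seconds(LOWER_ALNUM, length)
        print(f"lowercase alphanumeric, up to {length} chars: {human(t)}")
    for name, size in (("lowercase alphanumeric", LOWER_ALNUM),
                       ("printable ASCII", PRINTABLE_ASCII)):
        n = min_length_to_resist(size, 100 * YEAR)
        print(f"{name}: {n} random chars to exceed 100 years at this rate")
```
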


Pair of HD 5870's... BitCoin mining? I'd heard they were the most cost-effective card for it.


> If you've chosen a strong password then bruteforcing isn't a concern, so the fact they hashed instead of encrypting won't matter.

Why would you encrypt passwords instead of hashing? Encryption by definition is two-way, so you can retrieve the original password.


My bad, that was lazy of me. I was using the words sloppily. By "encryption", I was simply trying to say, "hard to break". I know that's not what it means, and apologize for any confusion.



