Oh I totally agree. MD5 is trivial to reverse using rainbow tables. Ideally, something session hashed would be used, but the key exchange problem always becomes an issue... Exchanging this key securely, and having a salted hash in the database is slightly more complex when you start to add in...