The doc says « if you are at all concerned about password
"sniffing" attacks then md5 is preferred. » but does not say why.
It would seem that an MD5 hash can be sniffed and replayed just as
well as a clear-text password.
Maybe the doc needs to explain why "md5" is more secure than
"password". Or, if it isn't, say so.
--
André Majorel http://www.teaser.fr/~amajorel/