Another approach is to remove all knowledge of the MD5 operation from the external interface. Provide a method to compare a password against the database. Internally, it runs MD5 on the potential password, comparing the results against the stored password.

Don't provide a method that allows anyone to access the password in the database. Decouple the mechanics of storing a password from updating user information. How the password is stored is of much less concern than if users can update it.

update_admin_user() would then call create_digest_from_password() behind the scenes, and people who program to that interface would simply pass in a plain text password.