I think he's overstating "a lot of people". Many seem to preferr SH1 over MD5, but typically this is because of the key length (160bit instead of 128bit) - not because of weaknesses in the algorithm itself. Most people wouldn't try to brute force either. The primary weakness in passwords is almost ALWAYS the fault of those who pick them. Take a look at how 'John the Ripper' works, and you see interesting trends in passwords.