Yes, even with the site disabled.
Either it was disabled, or it wasn't.
Yes, we use password encryption. We are currently using SHA-256, but
since the recent Mtgox hack we will be upgrading that to something
stronger. It's surprising how many sites still use MD5, even though it
was broken years ago. It is my personal opinion that MD5 be deprecated
from modern operating systems.
Every time someone calls a (one-way) hash function 'encryption' the FSM kills a kitten.
Yes, MD5 should be deprecated due to known weaknesses (collision attacks), but using one of the SHA variants isn't going to magically make things unbreakable. MtGox's crypt(md5) is a lot more resistant to attacks than plain SHA-256. The keywords are salting and stretching (or: bcrypt/scrypt) - all general purpose cryptographic hash functions were designed to be fast.
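The salting and stretching point from the reply above, as an added example that is not part of the original thread: unsalted SHA-256 beside a per-user salted scrypt record with constant-time verification. The function names, the record layout and the cost parameters are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os

# Cost parameters are assumptions for this example, not values from the thread.
N, R, P, MAXMEM = 2**14, 8, 1, 64 * 1024 * 1024


def plain_sha256(password):
    """Unsalted single-pass hash: fast to compute, equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, stretched hash stored as scheme$n$r$p$salt$key."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                         maxmem=MAXMEM, dklen=32)
    fields = ["scrypt", str(N), str(R), str(P),
              base64.b64encode(salt).decode(), base64.b64encode(key).decode()]
    return "$".join(fields)


def verify_password(password, record):
    """Recompute with the salt and costs stored in the record, compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = record.split("$")
        if scheme != "scrypt":
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(key_b64)
        key = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r),
                             p=int(p), maxmem=MAXMEM, dklen=len(expected))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    pw = "correct horse battery staple"
    print(plain_sha256(pw) == plain_sha256(pw))    # same hash for both users
    alice, bob = hash_password(pw), hash_password(pw)
    print(alice != bob)                            # salts make the records differ
    print(verify_password(pw, alice), verify_password("guess", alice))
```

Storing the cost parameters inside each record lets them be raised later without invalidating hashes already in the database.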