See, when I was talking to CC when v8 was in its conception, i was all excited because passwords where going to have a dual salt and be md5ed...
But instead they're just md5ed and can be run through a hash comparison site and tada, theres user passwords...
Though ones site has to be hacked before someone could copy your db to compare passwords, but I always liked the security aspect of at least a basic salt to md5