As it has been mentioned, you should always apply a salt when hashing a password. The longer the salt is the better.
While it is correct that it is easier to locate a collision in a md5 hash these days, the approach used to do this does not make it easier to "locate" the content used to create the hash. I.e. recreate the content.
To be honest, we have known for something between 16-20 years that md5 is not collision safe, but for the use of "hashing" passwords together with a good salt it was more than safe enough.
The problem even today is not the collisions, but the fact that with some new Nvidia videocards put in SLI and a program made in CUDA you can get immense processing power quite cheap, that only the largest universities had only a decade ago. Heck even Amazon allow you to rent number crunching servers by the hour. This means that if a malicious user get a hold of your md5 password hashes, brute forcing one of them will be "almost instant" compared to doing the same on your computer a decade ago.
A md5 password hash perhaps on 6-8 characters, you brute force in a few min with the right hardware/software today. Even with a good salt added on, you can normally crack them in a few hours max.
Instead of using md5 I would recommend either whirlpool or sha512, both with are 512bit. There is no reason to use lower hashing algorithms these days, as you dont check the password on every page load for example. Note, if your unfamiliar with it, take a look on the hash() function in php.