in reply to
On showing the weakness in the MD5 digest function and getting bitten by scalar context
Using MD5 to verify file integrity is often used in conjunction with file compression such as gzip or bzip2.
Finding an arbitrary set of bits that result in the same MD5 hash (that has been shown to be possible) is one thing, but finding a specific set of bits that result in the same MD5 hash and also the characteristic of being able to be successfully uncompressed is much different. Compounding that with being about to alter the code in a meaningful way that results in a malicious trojan horse makes the task sufficiently difficult that I'm not terribly worried about it at this point.