Using md5 with no salt while providing paid services and obviously earning income, but in 15 years not even a basic security check? At this point, the web is becoming ridiculous, and stuff like this should be sanctioned.