Your post feels rather optimistic to me. Not only do a lot of people still use md5, I'd argue a sizable number of sites still store passwords in plain text.