if users are using the same weak password for serveral boards or other acoounts, too. Also there databases with MD5 password hashes. So you just have to compare the stolen data with these databases.
Salted passwords area a nice idea on the first look. But IMO it's not possible in real life to make the password salty enough. Users and/or administratos will be annoyed by it! (My job is IT administrator in a 200 clients company.

@ the "we" community:
Why not to upgrade the encryption algorythm?
If there is not any important reason not to upgrade then you should upgrade it. At least it would be a good thing for the image of phpBB to be on the top in this point.
UPDATE 23-03-2012: Somethings added!
Bye Martin