
Are you sure it's iterated? I just checked the manual for crypt() and it just says it's MD5 with a salt, but it could be a failure of the documentation.



Yes, see http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt... where it says, "for(i = 0; i < 1000; i++)".


1000 isn't very many at all in this day and age. And because MD5 has been actually broken I'd avoid it entirely. Use scrypt.


This is tricky to answer.

Of course I don't want to advocate using MD5, even iterated a thousand times, for both of the reasons you state. There are better alternatives. scrypt appears to be one of them, and if it stands up to analysis, it's better than PBKDF2 and bcrypt, which in turn are better than MD5-crypt.

However, MD5 iterated 1000 times is still 1000 times better than MD5 iterated once (which an alarming number of codebases still use!) and the vulnerabilities that have been published in MD5 are not sufficient to speed up an attack on an MD5-crypted password file.

So MD5-crypt is still vastly preferable to many alternatives, including traditional Unix crypt(), even though MD5 has been broken and DES hasn't.
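An added example, not part of any comment in this thread: it shows how an iteration count multiplies the cost of each password check, with scrypt from Python's `hashlib` for comparison. The `iterated_md5` loop is a simplified stand-in, not the real MD5-crypt algorithm, and the record format, function names and scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def iterated_md5(password: bytes, salt: bytes, rounds: int) -> bytes:
    # Simplified stretching loop for illustration; NOT the real MD5-crypt algorithm.
    digest = hashlib.md5(salt + password).digest()
    for _ in range(rounds - 1):
        digest = hashlib.md5(digest + salt + password).digest()
    return digest

def derive(scheme: str, cost: int, salt: bytes, password: bytes) -> bytes:
    if scheme == "md5iter":
        return iterated_md5(password, salt, cost)
    if scheme == "scrypt":  # cost is scrypt's N; r=8, p=1 are assumed parameters
        return hashlib.scrypt(password, salt=salt, n=cost, r=8, p=1, dklen=32)
    raise ValueError(f"unknown scheme: {scheme}")

def make_record(password: bytes, scheme: str, cost: int) -> str:
    salt = os.urandom(16)  # fresh random salt per password
    digest = derive(scheme, cost, salt, password)
    return "$".join([scheme, str(cost), salt.hex(), digest.hex()])

def verify(password: bytes, record: str) -> bool:
    scheme, cost, salt_hex, hash_hex = record.split("$")
    candidate = derive(scheme, int(cost), bytes.fromhex(salt_hex), password)
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))  # constant-time compare

def seconds_per_check(record: str, password: bytes, trials: int = 5) -> float:
    # Best of several runs: the time one password check (one guess) costs.
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        verify(password, record)
        best = min(best, time.perf_counter() - start)
    return best

if __name__ == "__main__":
    pw = b"constructed-sample-password"  # constructed sample input
    for scheme, cost in [("md5iter", 1), ("md5iter", 1000), ("scrypt", 2**14)]:
        rec = make_record(pw, scheme, cost)
        usec = seconds_per_check(rec, pw) * 1e6
        print(f"{scheme:8} cost={cost:<6} ok={verify(pw, rec)} {usec:10.1f} us/check")
```

Because the cost is stored in each record, the same `verify` keeps working for old entries after the cost for new ones is raised.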


Or bcrypt, which is actually implemented in PHP as part of the crypt function ;-)



