The article claims that there are no known md5 collisions. This is plain false. There are known collisions since 2004 and known windows executables with the same md5 hash since 2005.
Nobody competent would disagree; SHA2 is better than SHA1, use SHA2.
But in the real world, these distinctions matter a lot. Protocols fielded using SHA1 to glue together crypto primitives are unlikely to broken soon (often for the simple reason that they're used in hardened constructs like HMAC). Again: I don't even think there's a tractable way to break an otherwise sound protocol using HMAC-MD5 using MD5 flaws, today.
It all depends on the context. Bare MD5 is probably fine as a mixing function for an RNG. It's probably (I haven't thought this through carefully) also fine for a stretched password hash. But should MD5 be one of your go-to functions? Of course not.
Should SHA-1? Well, let me put it to you this way: if you contracted my company to assess your application and we found you using SHA-1 somewhere, we by default would not be able to write you up for it. It wouldn't actually be a vulnerability. (If you asked us specifically to review your crypto for best practices compliance, we would of course recommend you change it).
The windows executables were constructed|discovered by a founder of the company I work for. Here is the relevant link: http://corelabs.coresecurity.com/index.php?module=Wiki&a...