Hacker News new | past | comments | ask | show | jobs | submit login

SHA1 has been reduced to a theoretical attack of 2^51 steps (http://eprint.iacr.org/2008/469.pdf), but no collision has been found yet AFAIK.

If I were choosing a hash function I would choose SHA256 over SHA1 unless the environment does not allow it.

Nobody competent would disagree; SHA2 is better than SHA1, use SHA2.

But in the real world, these distinctions matter a lot. Protocols fielded using SHA1 to glue together crypto primitives are unlikely to be broken soon (often for the simple reason that they're used in hardened constructs like HMAC). Again: I don't even think there's a tractable way to break an otherwise sound protocol that uses HMAC-MD5 using MD5 flaws, today.

It all depends on the context. Bare MD5 is probably fine as a mixing function for an RNG. It's probably (I haven't thought this through carefully) also fine for a stretched password hash. But should MD5 be one of your go-to functions? Of course not.

Should SHA-1? Well, let me put it to you this way: if you contracted my company to assess your application and we found you using SHA-1 somewhere, we by default would not be able to write you up for it. It wouldn't actually be a vulnerability. (If you asked us specifically to review your crypto for best practices compliance, we would of course recommend you change it).
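An added example, not part of the thread, to make the "hardened constructs like HMAC" point concrete. It uses SHA-1 (the hash the thread is about; the comment's HMAC-MD5 point is the same) and shows a different kind of flaw than collisions: the bare keyed construction H(key || msg) can be extended by anyone who knows the tag and the key length, because the tag is just the hash's internal state, while the same trick against HMAC-SHA1 fails because its tag is an outer hash the attacker cannot resume. The SHA-1 implementation, `naive_mac`, `forge_naive_mac`, the key and the messages are all constructed for this example.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _sha1_pad(msg_len):
    # Standard SHA-1 padding for a msg_len-byte message: 0x80, zeros to 56 mod 64,
    # then the message length in bits as a 64-bit big-endian integer.
    pad = b"\x80" + b"\x00" * ((55 - msg_len) % 64)
    return pad + struct.pack(">Q", msg_len * 8)


def sha1(data, state=None, prior_len=0):
    """Pure-Python SHA-1 (constructed for this example).

    `state` lets the compression function resume from a known digest, with
    `prior_len` bytes (a multiple of 64) already absorbed. That resumability is
    exactly what length extension abuses.
    """
    h = list(state) if state else [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = data + _sha1_pad(prior_len + len(data))
    for off in range(0, len(data), 64):
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for i in range(16, 80):
            w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
        a, b, c, d, e = h
        for i in range(80):
            if i < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif i < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif i < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + f + e + k + w[i]) & MASK32
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, [a, b, c, d, e])]
    return struct.pack(">5I", *h)


def matches_stdlib(data):
    # Sanity check: the toy implementation agrees with hashlib.
    return sha1(data) == hashlib.sha1(data).digest()


def naive_mac(key, msg):
    # The broken construction: tag = H(key || msg). No collision needed to break it.
    return hashlib.sha1(key + msg).digest()


def forge_naive_mac(tag, msg, key_len, suffix):
    """Given H(key||msg), the message and len(key) (guessable), produce a valid tag
    for key || msg || glue-padding || suffix without ever learning the key."""
    state = struct.unpack(">5I", tag)              # the tag IS the internal state
    glue = _sha1_pad(key_len + len(msg))           # padding the real hash used
    forged_msg = msg + glue + suffix
    forged_tag = sha1(suffix, state=state, prior_len=key_len + len(msg) + len(glue))
    return forged_msg, forged_tag


def demo():
    key = b"correct horse battery staple"   # constructed secret; the forger never sees it
    msg = b"amount=10&to=alice"              # constructed message
    suffix = b"&to=mallory"

    # 1. H(key||msg): the forged tag verifies.
    tag = naive_mac(key, msg)
    forged_msg, forged_tag = forge_naive_mac(tag, msg, len(key), suffix)
    naive_forgery_accepted = hmac.compare_digest(naive_mac(key, forged_msg), forged_tag)

    # 2. HMAC-SHA1: the tag is H((key^opad) || H((key^ipad) || msg)). Resuming from it
    #    extends the *outer* hash, which never matches a real HMAC over any message.
    htag = hmac.new(key, msg, hashlib.sha1).digest()
    _, forged_htag = forge_naive_mac(htag, msg, len(key), suffix)
    hmac_forgery_accepted = hmac.compare_digest(
        hmac.new(key, forged_msg, hashlib.sha1).digest(), forged_htag)

    return naive_forgery_accepted, hmac_forgery_accepted


if __name__ == "__main__":
    print("H(key||msg) forgery accepted:", demo()[0])   # True
    print("HMAC-SHA1 forgery accepted:  ", demo()[1])   # False
```

The practitioner's check that falls out of this: when reviewing a protocol, the question is not only "which hash?" but "which construction?". A tag computed as H(key || msg) is a finding regardless of whether the hash is MD5, SHA-1 or SHA-256; an HMAC over the same hash is not, and verifying it with `hmac.compare_digest` rather than `==` avoids the timing side channel as well.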
