The MD5 standard is already 22 years old and proven vulnerable over the years, not only vulnerable used in encrypted traffic, but also to verify file authenticity through a hash. It was already proven years ago that you can create 2 different files that have the same hash. Here a developer from Surfright comments that the usual objections against newer more advanced hashes(hashing speed and size) are practically non-issues. Reading the file from disk is the bottleneck, it's way slower than the hashing itself, and if you have like Webroot a large cloud database containing lots of information on each file, then the larger size of the hash makes only a very minimal difference on total database size:
Like with the other idea I just posted, I think it's good for a company selling security to use the lastest, more secure, standards, regardless of the likelyhood the older standards being exploited.