Normally I would give people the benefit of doubt and say “it doesn’t matter for most practical cases”, but given the purpose of HiddenVM you really would expect them to do better than md5. They’re expected to be on the forefront of these technologies and should set the example, even for something as innocuous as zip file integrity checks.