The hash iterations are due to vBulletin's life span and being a product. They had md5 hashed passwords. Then they realized they have to salt them. So instead of adding the the salt to the password then hashing it, they decided to add the salt to the hash so they could salt every password without having to wait to get the original password.
The point was more that two iterations of MD5 isn't nearly slow enough. This site claims 5.6G/s on an ATI 5970 (~$400US) card: http://www.golubev.com/hashgpu.htm
So for a 2-iteration password cracker, that's enough to search almost a 48 bit space of passwords in a day. That's enough to check every possible ASCII password of 7 characters or less, and a good heuristic search will probably get you much more than that.