I guess I'm not following your logic. If there is a salted, hashed password in a db, allowing arbitrary length passwords shouldn't matter? HMACs and KDFs work very differently from symetric-crypto primatives.
The point is that it makes it easier for an attacker to find a hash collision. It's much easier to construct data which hashes to a given value if it can be of arbitrary length. I don't immediately see the connection with this article however.
I don't follow. Breaking a password hash your not trying to find a hash collision you need to break the preimage attack. Sure are some stage in the future there might be a preimage attack that requires a large amount of data to use. But really if your worried about theoretical preimage attack you aren't using md5.