Is it secure? Question about md5 hash

Dragosh

2:37 pm on Sep 25, 2007 (gmt 0)

10+ Year Member

Suppose I have the hash of a password xyz. It is stored in a verify.php file. From a form I read the password (the real one) and try to verify that with verify.php. verify.php verifies whether hash xyz (the hash of the real/correct password) is the same as the hash of the password read earlier from the form. Is it secure to have such a login system? I mean, I am not sure if a hash could be decoded, or I have read that multiple strings can have the same hash, which would mean that somebody could type into the login form any string having the same hash as my real password and get access to the restricted area?

If that is insecure, I have another question. Can the content (code) of a PHP file be read from a server? And how do I chmod it or put in some htaccess files so that the only way to have access to that file is from the web server?

Thanks in advance, Dragos

vincevincevince

2:51 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

To answer your first question, everything can go two ways. md5 is many-to-one, meaning multiple strings can have the same result.

Here are two very very common md5 hashes of passwords!

5f4dcc3b5aa765d61d8327deb882cf99
3c3662bcb661d6de679c636744c66b62

d40sithui

3:28 pm on Sep 25, 2007 (gmt 0)

10+ Year Member

Dragosh,
In response to your questions: PHP scripts cannot be downloaded from the server without first parsing the code (unless you are connected via an FTP client). If you just use the browser and right-click to download it, you will only get the parsed text. So if you had just echo "hello world" in your script, only "hello world" would make it into the downloaded file. To beef up your system security you can chmod your secured scripts (db passwords, etc.) to 600 and include() them when you want to use them. Also use strpos() to make sure people can't access that file directly. This works on one of my sites, but the other cries when the permissions are not set to at least 744. Weird.

Secondly, I think md5 is pretty secure. Although my experience with it is limited, I'm sure it's not easy to generate the same hash as a valid one. Again, for more security use multiple hashes for your passwords. Consider using sha1 as well. Don't hesitate to hash it more than once with each method!

Also, why do you want to store passwords in a file? I thought it would be more secure if you stored them in the database.
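The single-admin-password login from the question, combined with the "chmod 600 and include() it" and "block direct access" advice in this answer, written out as an added example (not code from the thread). It assumes PHP 5.6 or later; the secrets file path, the IN_APP constant and the sample password are made up for the demo.

```php
<?php
// Added example, not the thread's code. Assumes PHP 5.6+ (password_hash, hash_equals).
// One admin password stored as a hash in a PHP file that the web server include()s,
// compared against the value submitted from the login form.

define('IN_APP', true);   // the secrets file checks this to refuse direct requests

// Build the secrets file once, offline. The stored value is a salted, slow hash
// (bcrypt via PASSWORD_DEFAULT) rather than a bare md5 of the password.
function write_secrets_file($path, $plaintext) {
    $hash = password_hash($plaintext, PASSWORD_DEFAULT);
    $php  = "<?php\n"
          . "if (!defined('IN_APP')) { header('HTTP/1.0 404 Not Found'); exit; }\n"
          . "return " . var_export(array('admin_hash' => $hash), true) . ";\n";
    file_put_contents($path, $php);
    chmod($path, 0600);   // readable only by the web server user, as suggested above
}

// Login check. include() returns the array; password_verify() re-derives the hash with
// the stored salt and compares it in constant time.
function check_login($path, $submitted) {
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    $secrets = include $path;
    return password_verify($submitted, $secrets['admin_hash']);
}

// For contrast, the scheme from the question: md5 of the stored password vs md5 of the
// form value. hash_equals() removes the timing leak of a plain ==, but md5 is fast and
// unsalted, so a stored hash of a common password is easy to match by precomputation.
function check_login_md5($stored_md5, $submitted) {
    return hash_equals($stored_md5, md5($submitted));
}

// Demo: a temp file stands in for a secrets file kept outside the document root.
$file = tempnam(sys_get_temp_dir(), 'secrets_');
write_secrets_file($file, 'constructed demo password');
var_dump(check_login($file, 'constructed demo password'));
var_dump(check_login($file, 'wrong guess'));
var_dump(check_login_md5(md5('constructed demo password'), 'constructed demo password'));
unlink($file);
```

Keep the secrets file outside the web root where possible; the IN_APP guard and chmod 600 only help when the web server itself is the one reading the file.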

Dragosh

2:13 pm on Sep 26, 2007 (gmt 0)

10+ Year Member

Thanks for your replies.

I want to save them in a file because it is only one password I want to store (the admin password).

But I was also not sure if a PHP file could be downloaded using some DOS commands, because I recently saw a video of how a guy broke into a site and downloaded a PHP file with its code onto his computer and got the password. That's why I am unsure about all that chmod.

d40sithui

3:25 pm on Sep 26, 2007 (gmt 0)

10+ Year Member


Oh wow, if that video is legit, we're all in trouble now.