Voting starts in March for the Drupal Association Board election.
As I've pointed in the Drupal core forums there is a issue with MD5 password hashing in Drupal. Basically, I found that performing a hash only over the password string may be a security problem, as there are some MD5 databases over the internet which can perform reverse lookups, obtaining plaintext passwords. I think it would be very easy to implement hashing over a compound string such as username+password, making it more difficult to find MD5 collisions. Please, take a look at the discussion at http://drupal.org/node/29405