Username is used as a salt for MD5-hashed passwords. In addition, during authentication hash may be used directly without knowledge of cleartext password.
vulners.com/securityvulns/securityvulns:doc:8403