SASL is much more common than it used to be, but there are some networks who either don't support it, or don't support it fully.
For example, Rizon is a large network which currently shows more than 10k users, and it doesn't seem to support SASL. I set config for Rizon to use their SSL port using SASL-Password as the method, and it didn't log me in. Also, related to SASL-External Certificate, even though their /whois reply tells me that I'm using a client certificate, it doesn't show my fingerprint, and their nickserv doesn't know what the CERT command is.
As for Snoonet's usage of MD5 for their fingerprints, apparently that's the default when a different hash isn't configured, so there may be other networks using MD5 for the same reason. It would also take a while for them to wean people off MD5 fingerprints, since it wouldn't be a good idea to suddenly invalidate everyone's fingerprints.
