I'd say you're both right. There is no way to "crack" an MD5, but there are ways to "weaken" it to the point where it doesn't take "too long" to figure out the original value. There are a bunch of attacks that people have developed against MD5 that allow you to weaken it somewhat. However, the reason you can't crack it is, it is possible that 2 different values will produce the same MD5 hash. That's just because you have an infinite number of input strings and a fixed number of output strings. But, since MD5 is used for passwords, not encryption in its truest sense, that's all you need. Just to provide a fake example:
$md5(asdf) = 123
$md5(hjkl) = 123
If the "real password" is asdf, the user types asdf and gets access. However, if you, using some techniques, have found a way to "reverse" MD5, and you get "hjkl" as a result, it doesn't matter that you have a different "password", because the one you have works just as well as asdf, since
$md5(%the_inputted_password) == $md5(asdf)
Even when %the_inputted_password = hjkl.
So you can't necessarily get the original text back, but you can get a value that is just as good as the original text.
If you want to see weaknesses in MD5, you can search Google for "Birthday attack." That attack still doesn't necessarily make it feasible. Using brute force against MD5 would take billions of years (if not more); with the birthday attack it takes about 500 thousand years. Then there are more advanced attacks such as differential cryptanalysis (also known as the T attack). That has been used to successfully cause collisions in MD5 in many instances. The thing is though, your average Joe doesn't have the computer and mathematical know-how to figure out a T attack; the math involved in it is extremely complex, so that's more along the lines of the CIA/NSA type of thing rather than the guy down the street.
To sum it up, very few cryptographers will say MD5 is secure (remember, its ancestor MD4 was cracked after a while, and research shows that the MD4 attacks, with some modifications, could break MD5 as well), therefore the new breed of hashes have come out. For example, SHA-1, which uses a 160-bit hash, has no known weaknesses, nor does RIPEMD-160, which also uses a 160-bit hash. I personally would like to see either a $sha or $ripemd in mIRC, but seeing as how it took so long for $md5 to be added, I doubt that will happen any time soon.
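
Added example, not part of the original post: the asdf/hjkl point above, run against real MD5 output truncated to 16 bits so the search finishes in seconds (the truncation, the `guess-N`/`msg-N` inputs and all function names are assumptions made for this sketch). It also shows the birthday search mentioned in the post, which finds some colliding pair rather than a match for one particular stored hash.

```python
import hashlib

BITS = 16  # assumption: toy digest size so the search finishes in seconds


def toy_md5(data: bytes) -> int:
    """Top BITS bits of the real MD5 digest of data, as an integer."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - BITS)


def check_password(attempt: bytes, stored_hash: int) -> bool:
    """What the login check compares: hashes, never the passwords."""
    return toy_md5(attempt) == stored_hash


def find_equivalent(stored_hash: int, real: bytes, limit: int = 2_000_000):
    """Try constructed guesses until one other than `real` matches the hash.

    Returns (guess, tries), or (None, limit) if nothing matched.
    """
    for tries in range(1, limit + 1):
        guess = b"guess-%d" % tries
        if guess != real and toy_md5(guess) == stored_hash:
            return guess, tries
    return None, limit


def find_collision(limit: int = 2_000_000):
    """Birthday search: any two different inputs sharing a toy hash."""
    seen = {}
    for tries in range(1, limit + 1):
        msg = b"msg-%d" % tries
        h = toy_md5(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg
    return None, None, limit


if __name__ == "__main__":
    stored = toy_md5(b"asdf")  # what the server keeps
    other, n = find_equivalent(stored, b"asdf")
    print(other, "accepted:", check_password(other, stored), "after", n, "tries")
    a, b, m = find_collision()
    print("collision", a, b, "after", m, "tries")
```

The work grows with the digest size: matching a given hash takes on the order of 2^BITS tries and the birthday search on the order of 2^(BITS/2), so the full 128-bit digest is far outside what this loop can reach.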