Actually, it’s not fully true anymore. Recently, a few cryptologists discovered new attacks and have been able to generate MD5 (and other) collisions. MD5 is not considered to be “secure” for some time. However, for file version verification, it’s more then enough I’d say.