When is it safe to use a broken hash function?

Question

It is trivial to use a secure hash function like SHA-256, and continuing to use MD5 for security is reckless behavior. However, there are some complexities to hash function

Answer 1

Download sites use MD5 hash as a checksum to determine if the file was corrupted during download, and I would say a broken hash is good enough for that purpose.

Lets say that a MITM decides to modify the file (say a zip archive, or an exe). Now, the attacker has to do two things -

1. Find a hash collision and create a modified file out of it
2. Ensure that the newly created file is also a valid exe or a zip archive

With a broken hash, 1 is a bit easier. But ensuring that the collision simultaneously meets other known properties of the file is too expensive computationally.

This is totally my own answer, and I could be terribly wrong.