Look up in bb_cookie.php -> writeUserPwd() function.
It gets only clear password parameter from the other scripts, and returns encoded value.
I think it's fully enough to use just a more stronger encoding function, if you want so, replacing md5 there.
I'm not sure what mkd5 is about though.
It is very dangerous when is saved as only hash.
"Dangerous" is not the proper word for that. Dangerous is to driving after drinking 0,5 l of vodka or loving a woman.
If we use md5 that only means somebody could steal your cookie where this value is stored, and spend about many years trying to decode it, I doubt it would be worth just for the forum. Forum software is not that thing where you must care about security.
If somebody is stealing your cookie, it's not the problem of miniBB furthermore. It's a problem more serious than you can imagine. Because forum cookie is kids thing. If they can steal a forum cookie, they could steal also more "serious" cookie.
But if you provide a not-easy-to-guess password, it's already the strong protection against stealing it, doesn't depending on hash :)