So it was... I confirmed my username is in there but at least passwords are hashed. Luckily, I never added an email address and used a different Username and pw than I do everywhere else. Gotta take precautions with bitcoin!
They were hashed using the standard php crypt() method, it generates a salt for every password encrypted. I'm in that database and was able to generate the exact hash. Luckily I use one-time passwords with such things...
Hm, if it is using the same hash all over the world (on your computer it has the same salt as on the MtGox server?), what is the point? I don't understand how this salting scheme is supposed to work?
In theory, it just slows it down so rainbow tables are ineffective (not that people need them anymore), and it requires you to brute force each password than brute forcing one password and then checking it against everything.
In reality, it's all MD5 and the passwords were leaked to a community who are running tons of GPUs to brute force hashes. So it's kind of irrelevant.
You can recreate the hash by calling crypt() in php with your PW and the full hash as arguments. Basically, the hash is built like $1$_salt_$_hash_ - by feeding it as an argument to the function, you make it use the same salt used originally at encryption, when it was randomly generated. This is exactly the way these hashes are verified on login.
http://forum.bitcoin.org/index.php?topic=19543.0