Sure since they're using MD5 then a salt wouldn't solve their problem, especially if the salt were also part of the url. And let's not pretend that the url itself is somehow secret: there are many ways to collect those, particularly if specific users are targeted. Usually when people are this boneheaded about hashes they're trying to save storage space, but I can't imagine that storing a separate random identifier would add significantly to Disqus's storage.