Ohhh come on
the md5 attack shown from the link, doesn't actually use a simple natural hello.exe.
Both the hello.exe and the erase.exe are engineered together.
If only the erase.exe was engineered there would be a problem, but that is not the case.
So yeah there is a vector, but it would be a lot of odd things that would have to happen to create it.
And as to encryption :) Well I didn't want to make it too obvious, but if the author signs via his private key, and you use his public key to check. That is a better position to be in, as you really trusting the author, not the code. Combining all these methods is a good idea, add in encryption via your public key, and a quick check of the source code, and your security is on the up again.
As to documents saying one thing, with a character change or three (not) that is part of a good hashing algorithm for security anyhow, it should make a huge change in the resulting hash if only one character is changed, and they all currently exhibit that.
Collisions of course occur because the hash is smaller than the data it is representing, much smaller :). So, it is about permutations and length of hash more often than not..
These competitions are a good thing, but they are more about bringing on the field of security as a whole, than creating the next hashing star.