Neat hack, misleading headline
SHA-1 wasn't designed to be slow, it was designed to be "cryptographically secure". This is why proper password implementations which use any type of hashing have multiple rounds and salt ("PBKDF" and "password strengthening" are terms associated with these).
Read http://www.akkadia.org/drepper/SHA-crypt.txt for a real password implementation (which uses SHA-2 rather than SHA-1, but the principle is the same).
5000 rounds + 16 characters of salt makes brute-force a *lot* harder. Approx 2^108 times harder, if you don't have the salt, and only ~2^12 if you do (making a 2 hour exercise into a ~12 month exercise). I've read the results, the input file had one hash round.
I see a neat hack (nicely documented too) showing what you can do with EC2, and a misleading headline... "crack sha-1 hashes" != "crack sha-1 hashing"
Wake me up when someone uses EC2 to find useful SHA-1 collisions :)