Will there be a systematic move away from md5 and sha1 in the racket community? Maybe even issuing warnings or errors when the functions are used?

There are valid applications of MD5 and SHA–1 that are not cryptographic and for which collisions are not a problem.

won’t a simple CRC do better then?

without the false sense of security of broken crypto?

at the very least, md5 and sha1 functions should be moved to a package “broken-crypto” or something, so whoever uses it knows what he’s getting into.

I would strongly disagree, though a note in the documentation that they shouldn’t be used for crypto is a good idea. Hash functions have lots of very valid uses beyond crypto or integrity checking, though.