Their biggest fault was not forcing users to update their passwords at that time.
No, they are not secure. They're slightly MORE secure, assuming good, long, semi-random password with lots of special characters. Seeing the kinds of passwords a trivial cracking attempt busted I'd say a good portion of the userbase are NOT computer security experts and are NOT picking secure passwords. Those kinds of people are likely to be re-using the passwords elsewhere and are now going to be in a world of hurt thanks to mtgox.
Even a fairly weak password will take a while to find. And you don't know in advance which passwords are weak, so you have to try them all, or try them one at a time. This is bad, but not the end of the world.
Those passwords that have already been cracked were cracked because they were unsalted, which meant they could be stored in a database for lookup. The rest are salted, and there is no shortcut to them. The attacker actually has to calculate 1001 MD5 hashes using both the salt, and their current guess. And unsuccessful guesses are wasted, they do not help on the next guess or the next account.