SHA-0 has already been compromised, and last I heard SHA-1 was "in the works", so to speak. It is obvious - if yet impractical - that hash functions are not collision-free [because they have a limited output]. However, to get to the point where you can generate files with the same hash... that's something completely different. It won't be long until we'll be able to see carefully engineered apps with NOP sleds placed in such a way that the final hash is the same as the original... but the other modifications of the file would be very operational.

Yet for the time being, it does seem like a good idea to move to at least SHA-1.