Not at all, its simply a database comparison, not cracked at all. I could write a script that complex in 20min, the ajax would take longer then the php.

It is literally impossible to crack sha1, it is a destructive algorithm. Have you ever noticed all hashes, no matter how long are the same length? The closest you can come to hacking it is reverse engineering the algorithm, leaving an unlimited number of possibilities, a large number of practical possibilities. If you know the format of what it is (such as a credit card number), you might be able to crack it. Therefore it is not safe to keep credit card numbers with it, you use 256 bit encryption for that.

A group in china is rumored to have found a process to reverse engineer, but I dont know if its true.