I am well aware that third party extensions for FF4 exist that add status bar function.
I haven't used FF4 myself, but I would be surprised if you couldn't just enable the status bar in about:config, no extensions needed.
It doesn't matter what your privacy settings are. I would bet money that you could get access to 99% of Facebook targets' info by following that pattern. Social networks are practically designed for social engineering hacks.
Hash = 1-way crypto
The only way to "un-md5" anything is to crack it. Also, I'm not sure you actually put any real thought into this.
Since it's best practice to store only password hashes (and not the passwords themselves) in your database (or whatever), your process is apparently: