genemu / GenemuFormBundle

Extra Form : Captcha GD, Tinymce, Recaptcha, JQueryDate, JQueryAutocomplete, JQuerySlider, JQueryFile, JQueryImage

Purpose of `md5`ing of a captcha value #429

Closed zerkms closed 8 years ago

zerkms commented 8 years ago
    public function encode($code)
    {
        return md5($code.$this->secret);
    }

What is the reason (from a cryptography/security point of view) for applying md5 together with the secret value to the captcha value that is stored in the session?

bamarni commented 8 years ago

If there is a vulnerability on the session side (attacker can read or write data), that'd make it harder for him to break the captcha and brute force, for example. But it's not really meant to be a security measure, just the way we store it.

zerkms commented 8 years ago

Ok, I see (I don't think it makes any sense though, but anyway).

Thanks :-)
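
The storage scheme discussed in this thread, as an added example that is not the bundle's own code: the session holds `md5($code.$secret)` and verification re-encodes the submitted text. Only `encode()` is quoted from the issue; the `CaptchaStore` class, `encodeHmac()`, `verify()`, the constant-time comparison, and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the captcha service; only encode() comes from the issue.
final class CaptchaStore
{
    private string $secret;

    public function __construct(string $secret)
    {
        $this->secret = $secret;
    }

    // As quoted in the issue: the session stores a digest of code + secret.
    public function encode(string $code): string
    {
        return md5($code . $this->secret);
    }

    // Assumed alternative: HMAC-SHA256, the standard keyed-hash construction.
    public function encodeHmac(string $code): string
    {
        return hash_hmac('sha256', $code, $this->secret);
    }

    // Re-encode the submitted text and compare in constant time.
    public function verify(string $submitted, string $stored, bool $hmac = false): bool
    {
        $candidate = $hmac ? $this->encodeHmac($submitted) : $this->encode($submitted);
        return hash_equals($stored, $candidate);
    }
}

// Constructed sample values; $session stands in for $_SESSION.
$store = new CaptchaStore('constructed-app-secret');
$session = ['captcha' => $store->encode('x7kq2')];

// Read access to the session yields a 32-character digest, not the code.
echo 'stored value: ', $session['captcha'], PHP_EOL;

echo 'correct code verifies: ', var_export($store->verify('x7kq2', $session['captcha']), true), PHP_EOL;
echo 'wrong code verifies: ', var_export($store->verify('x7kq3', $session['captcha']), true), PHP_EOL;

// Write access without the secret: a digest computed without it does not verify.
$planted = md5('aaaaa');
echo 'planted value verifies: ', var_export($store->verify('aaaaa', $planted), true), PHP_EOL;

// The same flow with the keyed alternative.
$session['captcha'] = $store->encodeHmac('x7kq2');
echo 'hmac verifies: ', var_export($store->verify('x7kq2', $session['captcha'], true), true), PHP_EOL;
```

Both the read case and the write case depend on the secret staying outside the session store, which is the condition the answer above describes.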