If the shell blindly accepts the password without checking the type, it will pass it into the md5 function which will coerce the password into a string. This could make it impossible to authenticate later if you are using an authentication mechanism where the password is digested server-side.