edit_users.php encrypts passwords always using md5 regardless password_format configuration.
I don't think this is a bug. The password_format configuration only applies to db_ext auth types (the variable is $auth['db_ext']['password_format']). It is assumed that users in an external database are edited by an external tool.
You seem to have CSS turned off.
Please don't fill out this field.
The only thing that could be said additionally to this is that MD5 is now considered by some to be insecure, we should consider moving to SHA1/SHA512.