I'm not sure the password is stored unsalted to be honest. The hash looks pretty unusual to me and doesn't correspond to anything I could generate with SHA1 or MD5, for example.
That said, the encryption is still useless anyway, because if you read the files from the server, it's only a small step to compromise anyway.
It's worth deploying on a SSL-only server so that you don't transmit your password or data transparently, but if it's on your own server (kinda the point of "owncloud"), I'd assume you had access to everything anyway. Part of the reason I like the idea - I don't have to rely on DropBox or similar to release my files if something goes wrong.