With unsalted passwords you can run through the wordlist once, and get all matching passwords with a single MD5 run for each word in your wordlist. It doesn't matter for one single password, but for 60000 salting means 60000 times more work.
Since it is extremely unlikely that all 60000 passwords were the same, you still have to brute force the rest.
Huh?
If you assume a more reasonable 3000 passwords that are either identical or the same as the mail address for example, the difference between everything salted or not is only 60/57=5% more work.
Salting only (significantly) helps against rainbow tables.
I don't think you got it.
Hashing a billion password candidates once with MD5 is no problem for today's computers. To brute force 60000 unsalted passwords, you would just need one run through the candidates, making one hash for each candidate. After one billion runs, you have cracked all passwords in your list of candidates.
To brute force 60000 salted passwords with unique salts, you need to run a more complex MD5 algorithm on all the salt + candidate combinations. Even if you assume the same time for each test, it will take 60000 times longer to check all candidates against all hashes. If the password is found for a candidate hash, you don't have to try the rest of the candidates for it, but you will probably not find as many passwords as you think.
Yes, a few people use their username or mail address as password. Those would be cracked in seconds on anything with the computing power of a digital watch, no matter how they were hashed. Don't worry about those. Most of the passwords will likely not be among your candidates at all.
