Почему чтение не является потокобезопасным?

Тот же алгоритм, java-версия: (BaseEncoding, Hasher, Hashing и т. д. поступает из библиотеки guava

/**
 * Generate checksum for object came from multipart upload

 * 

 * AWS S3 spec: Entity tag that identifies the newly created object's data. Objects with different object data will have different entity tags. The entity tag is an opaque string. The entity tag may or may not be an MD5 digest of the object data. If the entity tag is not an MD5 digest of the object data, it will contain one or more nonhexadecimal characters and/or will consist of less than 32 or more than 32 hexadecimal digits.
 
 * Algorithm follows AWS S3 implementation: https://github.com/Teachnova/s3md5

 */
private static String calculateChecksumForMultipartUpload(List md5s) {      
    StringBuilder stringBuilder = new StringBuilder();
    for (String md5:md5s) {
        stringBuilder.append(md5);
    }

    String hex = stringBuilder.toString();
    byte raw[] = BaseEncoding.base16().decode(hex.toUpperCase());
    Hasher hasher = Hashing.md5().newHasher();
    hasher.putBytes(raw);
    String digest = hasher.hash().toString();

    return digest + "-" + md5s.size();
}