Is SHA1 better than MD5 only because it generates a hash of 160 bits?
Producing SHA-1 collisions is not that easy. It seems reasonable that the attack with has been described on SHA-1 really works with an average cost of 261, much faster than the generic birthday attack (which is in 280), but still quite difficult (doable, but expensive).
That being said, we do not really know what makes hash functions resistant (see for instance this answer for a detailed discussion). With a lot of hand-waving, I could claim that SHA-1 is more robust than MD5 because it has more rounds and because the derivation of the 80 message words in SHA-1 is much more "mixing" than that of MD5 (in particular the 1-bit rotation, which, by the way, is the only difference between SHA-0 and SHA-1, and SHA-0 collisions have been produced).
For more of the same, look at SHA-256, which is much more "massive" (many more operations than SHA-1, yet with a similar structure), and currently unbroken. It is as if there was a minimal amount of operations for a hash function to be secure, for a given structure (but there I am moving my hands at stupendous speed, so don't believe that I said anything really scientific or profound).
No. It's not just the length of the output. There are significant differences in their level of security against cryptanalytic attacks.
There are devastating collision attacks on MD5. (The Wikipedia article on MD5 has some details.) These attacks mean that MD5 provides essentially no security against collisions: it is easy to find collisions in MD5.
In contrast, SHA1 appears to be much more secure. While there are some known attacks on SHA1, they are much less serious than the attacks on MD5. (The Wikipedia article on SHA1 has an overview.) For this reason, SHA1 is a much better choice than MD5 in many settings.
These days, instead of using MD5 or SHA1, you're probably even better off to use one of the more modern hash functions, like SHA256. Those have no known attacks of any practical relevance.
But certainly don't use MD5 in any setting where collision-resistance is needed, as that aspect of MD5 is completely broken.