A secure service wouldn't have an easy way of getting at a user's password. They'd store the salted hash of a user's password, and not the password itself.
You mean hash it in the browser? That's rare. Otherwise, you have the plain text password in the request you do the hashing and writing the hash to storage in.