[davidsong]

It's a good idea IMO, I don't understand why it gets so much flak. A server who doesn't want to know your secret is more trustworthy than one that does, a MITM might be able to hijack your account but he won't see your favourite password and you don't have to trust that the server is hashing the password at their end.

To avoid the "hash is a plaintext password" problem you save double-hashed passwords to your database, once in the browser and once on the back-end, twice on the back-end if JavaScript was disabled in your user-agent.

Of course that doesn't solve the problem above, but it still ought to be common practice.

[dingdingdang]

"A server who doesn't want to know your secret is more trustworthy than one that does" - I totally agree here, in many ways that's why projects like http://openpgpjs.org/ are fundamentally MORE important that more/newer layers of centralized encryption like TLS that are fundamentally bust in that we have to blindly trust the server. yesyes, i know JS on untrusted/leaky browsers isn't totally bingo but at least someone is TRYING!