With all of this discussion of password security lately, one question I have is why browsers send the contents of a "password" input in plain text at all. Why not have the browsers perform a preliminary one-way hash before even sending the data to the server?
True that this is definitely not the entire answer to the password storage questions (I know Bcrypt, Bcrypt, Bcrypt), but it would at least be a step in the correct direction, and if done properly it would probably eliminate the current epidemic of sites choosing to just store passwords in the clear.