that's not really what I'm afraid of, but thats an issue too.
hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?
If an attacker had that much access, he could modify the login page to remove the password-hashing JavaScript.