that's not really what I'm afraid of, but thats an issue too.
hmm, but still, in theory, it would be possible for someone with physical access to your RAM to read my password, wouldn't it ?
If an attacker had that much access, he could modify the login page to remove the password-hashing JavaScript.
But than you make a change in the system. That can be suspicious.
If you're just reading it from the RAM and using it, nobody will know.