but unless you are connected over https, the password and files are in the clear between user and server anyway.
md5 hash the password in the browser and compare the hash value with the stored hash on the server: harder, but not impossible to crack.
but, unless you are making a Mad Industrial Scientists Taking A Killing Edge,
how secure does the password need to be?
Security through obscurity
you can't be totally secure but you can be obscure
can use a password in the form that isn't called 'password' to stall sniffers
Ya do the same on your newuser script so when the user creates themselves the password is never sent, only its encryption.
many sites say 'we can't recover your password, but we can reset it', and make you reset your password again when they send you a string
but you can't validate in the browser, else you would have to download a large amount of secure information to every user, some of whom may be malicious
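
Added example, not part of the original post: a server-side sketch of the "can't recover, can only reset" flow described above, where only a salted hash is stored and the e-mailed string is a single-use, expiring token. It uses PBKDF2-HMAC-SHA256 with a per-user salt in place of the md5 mentioned in the post; the in-memory dicts, function names, work factor and token lifetime are all assumptions for illustration.

```python
import hashlib, hmac, os, secrets, time

ITERATIONS = 200_000   # assumed work factor for this sketch
RESET_TTL = 900        # assumed token lifetime, in seconds

users = {}    # username -> (salt, password_hash); constructed in-memory store
resets = {}   # sha256(token) -> (username, expiry); the raw token is never stored

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(username, password):
    # Only the salt and the derived hash are kept, so the server has
    # nothing from which the original password could be recovered.
    salt = os.urandom(16)
    users[username] = (salt, _hash(password, salt))

def verify(username, password):
    # Validation happens on the server; no hashes are shipped to the browser.
    salt, stored = users.get(username, (b"\0" * 16, b""))
    # Constant-time compare; unknown users still cost one hash computation.
    return hmac.compare_digest(_hash(password, salt), stored)

def start_reset(username):
    """Return the one-time string that would be e-mailed to the user."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    resets[digest] = (username, time.time() + RESET_TTL)
    return token

def finish_reset(token, new_password, now=None):
    digest = hashlib.sha256(token.encode()).digest()
    entry = resets.pop(digest, None)   # pop makes the token single-use
    if entry is None:
        return False
    username, expiry = entry
    if (time.time() if now is None else now) > expiry:
        return False
    set_password(username, new_password)
    return True
```
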