The JS-SHA1-Login is not a simple "send username + SHA(password)"
It is more a Challenge-handshake authentication protocol!
The plaintext password would be not leave the client.
The hash that is sent to the server, is not a simple SHA1(password)!
The detailed procedure explained here: JS-SHA-Login - pseudo code
For getting the login form, the challenge and salt we used AJAX (with jQuery).
JS-SHA1 Login is not really secure in comparison to https! e.g. the client can't validate if he really communicate with the server or with a Man-in-the-middle. JS-SHA1-Login does not protect you against an Session Hijacking
However the used procedure is safer than plain-text authentication. In addition, on the server no plain-text passwords are stored. With the data that are stored on the server, can not be used alone.
If you have https, you can combine it with JS-SHA1 login, similar to combine a digest auth with https.
More information: Warum JS-SHA-Login Sinn macht... (german only, sorry)
Many, if not even all CMS/wiki/forum, used unsecure Login. User name and password send in plaintext over the Internet. A reliable solution offers only https.
The Problem: No Provider offers secured HTTP connection for little money :( We have been thinking, how can we still accomplish a secure authentication.