Indeed, a scheme like hashing-in-the-browser to keep a plaintext password "off the air" is essentially a homebrewed effort to replicate a secure connection.
IE, doing this is a mistake because you may be smart but you probably haven't put your secure connection through everything that SSL has been put through.
IE, doing this is a mistake because you may be smart but you probably haven't put your secure connection through everything that SSL has been put through.