Re: Storing passwords in plain text?
Hmmm... Maybe I'm missing something, but it sounds to me as if you're addressing a different set of issues.
My thought is as follows. For randomsite.com, my password is my first pet's maiden name, ⅔שלфщ®куè (I used to pick some odd names for my pets). Within the browser, this is salted/hashed and we get, say, DEADBEEF5318008, all ASCII hex digits. That's what gets passed to randomsite.com. They don't know how long my password is, or if it has non-ASCII characters.
Because I can see the script, I can verify that randomsite.com doesn't know my pet's name; they just know that when salted/hashed, it's DEADBEEF5318008. They really ought to salt/hash it, store the result, and forget about DEADBEEF5318008. But I may not trust them. Or they may screw up.
So then they get hacked. World+dog promptly checks my banking and e-mail and other accounts to see if I used that password elsewhere. Which, of course, I did (doesn't everybody?) But -- because randomsite.com never knew my real password and only saw DEADBEEF5318008, and nobody else knows about my beloved pet ⅔שלфщ®куè -- they're out of luck.
They can access my randomsite.org account, though. Unless randomsite.com isn't run by bozos after all, and _did_ take the DEADBEEF5318008 I sent them and salted/hashed it.
But this scheme only protects against password re-use (and allows me to use a non-ASCII password). randomsite.com still ought to use https and otherwise follow best practices.
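A Python model of the scheme described in this post, added here as an illustration and not code from the poster or from any site (in a real deployment the first step would be a script in the browser). PBKDF2-HMAC-SHA256, the `site|username` salt, the iteration count, the user `alice` and the second site `bank.example` are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not from the post


def client_derive(password: str, site: str, username: str) -> str:
    """Browser step: salt with site and username, hash, send hex only."""
    salt = f"{site}|{username}".encode("utf-8")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return digest.hex()


def server_enroll(received_hex: str) -> tuple:
    """Server step the post asks for: salt/hash what arrived, keep only that."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", received_hex.encode("ascii"), salt, ITERATIONS)
    return salt, stored


def server_verify(received_hex: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the server-side hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", received_hex.encode("ascii"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    password = "⅔שלфщ®куè"  # the pet name from the post
    sent_com = client_derive(password, "randomsite.com", "alice")
    sent_bank = client_derive(password, "bank.example", "alice")  # constructed second site
    salt, stored = server_enroll(sent_com)
    bank_salt, bank_stored = server_enroll(sent_bank)
    return {
        # The site only ever sees fixed-length ASCII hex, whatever the password was.
        "ascii_hex_only": sent_com.isascii() and len(sent_com) == 64,
        "login_ok": server_verify(sent_com, salt, stored),
        # Value captured at randomsite.com is rejected by a site with a different salt.
        "leak_reused_at_bank": server_verify(sent_com, bank_salt, bank_stored),
        # If the site hashed again, its dumped record is not a valid login value.
        "dumped_record_replays": server_verify(stored.hex(), salt, stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The value the browser sends is still a working credential for the one site it was derived for, which is why the server-side hash in `server_enroll` matters.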