If so, would it not make more sense to send the MD5 hash over HTTP POST (to login, etc) instead of the plaintext password? (I'm assuming plaintext; I'm damn sure it's plaintext)
Bad examples being -- someone accesses their LiveJournal on company time. Net admin sees this and forwards it to whoever. They, in turn, delete the person's LiveJournal. I mean, that's an extreme scenario, but it could happen. (Though chances are they'd fire someone before doing that)
I've heard numerous accounts of people saying their boss / company made them delete their LiveJournal. If the company could do it on their own...
Not to mention general security. Packet sniffers are no man's friend. (Well, unless I want your password, but that's a different story, isn't it?)
