Um, what? The passwords are usually held on the server encrypted and checked directly in that form (and not with javascript at all, unless you are talking about AJAX means of transport). Of course there are tools that someone can use to intercept your http stream with, but if the Talk merges with the maemo.org authentication, it will use SSL for communication and the above scenario becomes even more unlikely to happen.