If we are talking about improving security a bit, I would recommend that we also hash passwords in the browser before sending them to the server. I just read about this here:
http://dustwell.com/how-to-handle-passwords.html

Basically, when a user logs in, registers, or otherwise enters a password, a JavaScript method hashes the password with a salt, and submits that as the password instead of sending plain text to the server.
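The scheme described above, as an added example that is not part of the original comment or the linked article: the client derives a salted hash and submits it, and the server treats what it receives as the credential, hashing it again before storage. Node's `crypto` module stands in for the browser so the block runs offline; the function names, the salt format, the iteration count and the server-side handling are assumptions made for illustration.

```javascript
// Added example. In a browser the client-side derivation would use
// Web Crypto (crypto.subtle.deriveBits with PBKDF2) instead of Node's module.
const nodeCrypto = require('node:crypto');

// Assumed parameters (not taken from the comment).
const CLIENT_ITERATIONS = 100000;
const KEY_LEN = 32;

// Client side: the value the form submits instead of the plain-text password.
// clientSalt is assumed to be a public per-user value such as site + username.
function clientHash(password, clientSalt) {
  return nodeCrypto
    .pbkdf2Sync(password, clientSalt, CLIENT_ITERATIONS, KEY_LEN, 'sha256')
    .toString('hex');
}

// Server side, registration: the submitted hash is password-equivalent
// (whoever holds it can log in), so it is hashed again with a random salt
// and never stored as received.
function serverRegister(submittedHash) {
  const salt = nodeCrypto.randomBytes(16);
  const stored = nodeCrypto.scryptSync(submittedHash, salt, KEY_LEN);
  return { salt: salt.toString('hex'), stored: stored.toString('hex') };
}

// Server side, login: recompute with the stored salt, compare in constant time.
function serverVerify(submittedHash, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const candidate = nodeCrypto.scryptSync(submittedHash, salt, KEY_LEN);
  return nodeCrypto.timingSafeEqual(candidate, Buffer.from(record.stored, 'hex'));
}

// Constructed sample account and passwords.
function demo() {
  const clientSalt = 'example.test:alice';
  const submitted = clientHash('correct horse battery staple', clientSalt);
  const record = serverRegister(submitted);
  return {
    submitted,
    record,
    goodLogin: serverVerify(clientHash('correct horse battery staple', clientSalt), record),
    badLogin: serverVerify(clientHash('wrong password', clientSalt), record),
  };
}
```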

