I'm asking this here since it's my understanding that the FreeBSD community knows some of the most about security. Me and a friend have been having a discussion if we should keep the code handling passwords and user account management (updating passwords, etc) on the server side vs letting Javascript handle. He's convinced we need Javascript running on the client side for the user to login. I was pretty certain that css could accomplish a lot of the pretty ux issues he wants on the page. It's my understanding that pretty much all of the fancy ux stuff that's done with js can be done with css. Is hashing the password as well on the client side necessary or even worthwhile when the site is on https? Is there any reason to not minimize Javascript usage. It just seems like a mess of a language, with rails / ruby being preferable when possible. (if it doesn't effect performance / security)