
And yet the server sends you the code to hash your password. Either way, if the server is compromised, all bets are off. That said, there are architectures where this may make a difference, but they certainly aren't the usual case.


The difference is that I can verify the code, and the data sent. If I send the password to server-side hashing, I can only trust the server to handle it correctly. Security-wise that is a fairly important difference.


Are you saying you not only know of some website that does password hashing client-side but that you also inspect the JavaScript that site serves you every time you log in?


Security-wise there is a difference. This difference doesn't matter to the average person. I don't reuse passwords, so I don't need this protection.



