when you post form via ajax, you can read password in plain text there. I thing that is security issue. Which possibilities are to hide password or disallowed to read it in firebug console for example?
Nothing is really secure when you don't use HTTPS. Attackers could intercept your Ajax JS code and do a man-in-the-middle attack on your login process.
Use HTTPS.