The Yahoo! mail login page uses some interesting ideas. They hash information on the client-side before attempting to login. They also store retries, and a challenge in hidden fields as well.
I should look into this a bit more. Some of this may be used to make it difficult for scripts to login. Some may be used to make it safer for users of public computers and prevent sensitive information from being cached on the client.