I think the solution would be to make sure that your web browser never uses HTTP authentication without also using SSL. If anyone wrote a firefox extension to make sure of that, he'd be doing us a favour.
or just make sure security.warn_submit_insecure is true?