I don't find the concept alarming. The concept of AJAX login is perfectly fine, when used on a full https site, or a full http site.
It is insecure when used on an http page where the login page is using https. If there is a man in the middle, the form can be rewritten to send the username/password to the attacker, who then relays the information to the wiki. I don't see how digest authentication will solve this. Digest authentication protects against replay attacks, but I don't believe it can protect against man in the middle attacks.
I should follow this up with: as discussed on the channel, I love the idea of someone working on AJAX login support. It is perfectly useable by a bunch of third parties, and would be a great addition to the software.
Respectfully,
Ryan Lane