There has been one reply to that which mentioned something I didn't consider - that by sending a hashed version of the password whereever possible it makes it more difficult for the person who captures your hashed password to break into other accounts you may have where you have disregarded security and used the same password. Since the different sites presumably use a different "salt" value when hashing your password the hashed version that works on one site will not work on another.
Now this sounds like a good argument for using hashes but in fact it doesn't really affect my original argument much at all.
Basically there are three possible situations we need to look at with regard to the man-in-the-middle attack and what it is they are after.
Let's first look at the one where this new argument would make the biggest difference - where they are specifically targetting you and trying to break into all of your accounts where ever they may be. In this instance not hashing a password will make it easier for them if that password works for multiple sites. The thing is that it only needs one of the sites you use the password on to not hash it client side for the attacker to get a password they can try on all your other sites. So while a specific site hashing the password can provide some potential protection to other sites where their users have reused the same password it does nothing to remove the vulnerability to that site of other sites passing that password as plain text. The overhead of a huge hashing script might protect other sites but leaves your site more vulnerable than without it. Anyway someone trying to obtain all your passwords is unlikely to try to do so via a man-in-the-middle attack. They are far more likely to achieve that goal by managing to get a keylogger installed onto your computer and if they achieve that goal even HTTPS will not protect your passwords.
Another possibility is that they are targetting people trying to log in to a specific site. In that instance that you use the same password to log into other sites isn't at all relevant unless the site they are trying to break into uses HTTPS. If that is the case then they may look for other sites where the same people might have accounts and where HTTPS isn't used and then just look for passwords sent in plain text so as to try those. Your using hashing on your passwords would then protect some of your users from having their account on some other site broken into while doing nothing to protect their account on your site.
The third possibility is that the attacker isn't targetting any particular person or site in which case they will not particularly care whether a password is hashed or not as long as it works to get them into the account. If it is a plain text password that also gets them into other accounts belonging to the same person then that's a bonus.
So hashing your passwords will only protect other sites from attack, never your own site, and it will only do that if all the sites that a person uses a password with also hash it, each in different ways. The chances of your hashing passwords actually protecting some other site is therefore fairly unlikely. It certainly is not worth the overhead of a huge MD5 script and the lessening of security on your own site in the hope that it might improve security on some stranger's site.
What we get back to is that if securing passwords between the browser and server is important then you should use HTTPS in order to properly encrypt the password in a way that the man-in-the-middle attacker can't use at all. In so far as the passwords that you use to log in to sites is concerned, you should at the very least use a separate password for each of the important sites where you have accounts and where HTTPS is used. Perhaps you may share the same password between a number of less important sites (for example forums) where having your account broken into is a lot less important (they might be able to get you banned from a few forums but still don't have access to your bank account). You should never use the same passowrd for accounts that you have with differeing levels of importance as the less important site then compromises your security on the more important one.