A quick post so that I can link people here in the future, instead of making the same argument over and over again.
People are generally against client-side hashing of passwords in browsers because:
if you use http, a man in the middle attack would just remove the hashing script (or backdoor it); or
Fair points. However:
Client side hashing defeats passive listening, e.g. someone with their WiFi card in monitor mode, government dragnet network taps, or an attacker that does not want to get caught by sending active attacks (because non-passive attacks are visible to the target).
It makes it transparent to your users that you hash passwords and which hashing scheme is used.
Conclusion: use client side hashing. It has substantial upsides and no downsides. But do not rely on it. Https, server-side hashing and all other security measures are still a must.