If the password submission was handled in javascript couldn't the website rewrite the password field with a one time password. This would let people use password storage, but give the ability to revoke later on. The only difference between a stored password and a cookie, is that cookies are trusted less. Both can give password equivalent access.