Before I say anything, most arguments against JavaScript crypto assume you are using a browser to develop a web page; if you are not, then it shouldn't be any different than using any other quirky scripting language.
So, the goal of hashing the password is what... to keep from sending the password to the server? And the reason that you don't just do that (using SSL, for example) is because you don't trust the server, right?
Well, if you have compromised the server, you can probably just return a different version of the JavaScript that sends the password anywhere you want: the entire premise of JavaScript assumes you trust the server.
(The code could still come from your sever, and protect you and your user against an unrelated compromise in a JSONP API service you are using. FWIW, I think anti-JS crypto people are overly zealous.)
Hashing the password in browser would be just another layer, just for preventing MITM attacks (or Nokia decrypting your SSL traffick in their low-bandwith Internet service). But, as you said, if the server is compromised, it just doesn't matter.
Why it should be insecure to hash data locally? As I said, I understand this for two-ways algorithms (crypto) but I don't for one-way ones (hashing).