So... my understanding---please correct me if I'm wrong---is that the current practice is to send the password in plaintext to the server over a TLS connection. While this might not be the coolest way to do this (there might be something like a ZK-proof) it is the standard way. Also, why is it not okay for the person who controls the server on the other end to have a plaintext copy of your password? We hash passwords to protect against a 3rd party who gets a data dump, not against people who control the servers. (If you control the servers, you can change the protocol!)
It's not OK for two reasons, one a tiny bit paranoid the other much less so
1. The server operator might accuse you of doing something offering as proof a record that "you" logged in, but actually they knew the password so it was them.
This seems kind of silly if the server is a forum about a video game you like and the consequence of the alleged wrong doing is a permanent ban. But if the server is your bank, and the consequence is they convince a jury you tried to commit fraud and you go to jail when actually their employee has stolen your money using access to your password... that's pretty serious.
2. People re-use passwords. They know they shouldn't, but they do anyway. So "of course" the operator of "Puppy Fan Forum" knows your password, but it's also the password for your Amazon account, and next thing you know there's $1000 of dog treats billed to your credit card going to the operator's home in Ohio.
