As long as the logins go via normal web page hashing the passwords before sending them does not really add that much security. If the security of the server is somehow compromised, it would be trivial to put up new Javascripts that send the cleartext password to server. Users are not likely to go through the Javascript to check what it is actually doing.
This is how similar services have responded to warrants. They voluntarily alter javascript for some ip addresses in order to capture passwords to use for decryption of the user's files.
It would probably be easy to write your own login page or a browser toolbar that would either do the hashing on a page you control or check that the javascript was what it should be.
At that level of distrust however you might as well encrypt the stuff yourself (and send the decryption keys to the people you want to share with in some other, more annoying but secure, way)
What if I don't trust you? Is it still safe for me to use MEGA?
If you don't trust us, you cannot run any code provided by us, so opening our site
in your browser and entering your password is off limits. If you still want to use
MEGA, you have to do so through a client app that was written by someone you trust.
Fully agreed on the server compromise risk. Fortunately this attack vector would compromise only users who log in after the attack. Users who don't are still safe.
Improving this situation could involve keeping a browser extension that takes care of the hashing algorithm and makes sure the real hash is sent. As long as the extension is not updated, the hashing would be safer.
