How could this auth method be secure?
1. When the auth.htm has to check if the Login+Password.js exists, the browser has to request the URL http://server/path/Login+Password.js
from the web server.
This request is transmitted plaintext, so every sniffer could read it. And even worse, the web server logs this request plaintext in his log. So the HTTP BASIC AUTH is better, because the password is not logged.
2. How do you difference user "Neo",password "Matrix" and the user "NeoM", password "atrix" ???
The only "secure" way (beside SSL) is, to hash the password with md5 or sha1 and to verify the hashed password on server side. And don't forget to include a salt, do make brute force attacks more difficult.