Encrypting a password on the client-side means that all a cracker needs to login is the hashed password, which is exactly what they would get from a database dump, thereby bypassing the entire point of hashing the password in the first place. (Yes, I'm aware you could use a different salt on the server than the client, but that would require that the client-side encryption be reversible, which is perhaps even more problematic.)