If you control the server on which this script is run, you can already redirect people to the secure (SSL) version, and you should consider that that is much more likely to be actually secure (and supported by all browsers I've used for years)

If you don't control the server (i.e. you're distributing the program) it might be a bad idea to give your users a fake sense of security when they should just upgrade to SSL instead. This is all assuming the security is actually needed, ofcourse.

Just to clarify: this is mostly a game of chance. Assuming you can find a javascript/perl based encryption that's theoretically just as secure as SSL, it has probably not been tested and fixed as well as say, the SSL implementations in Mozilla and Apache. As a side problem, a javascript implementation will not run as fast as native SSL encryption (it might be fast enough, though).

Just my €0.02
Joost