
Why is a (signed, therefore running without a sandbox, nonetheless!) Java applet required for three text input form fields?


Because the applet produces a digital signature from a cryptographic key on your hard drive. This is much more secure and scalable than sending the password; see [1] and [2].

An alternative solution would be to use an SSL client certificate[3] or the WebCrypto[4] API (still under development).

[1] http://security.stackexchange.com/questions/3605/certificate...

[2] http://en.wikipedia.org/wiki/Public-key_infrastructure

[3] http://www.mozilla.org/projects/security/pki/psm/help_21/glo...

[4] http://www.w3.org/2012/webcrypto/WebCryptoAPI/
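
The scheme the reply above describes (proving possession of a key by signing, instead of sending a password), sketched with the WebCrypto API it mentions. This is an added example, not part of the thread and not the applet's code; the function names, the origins and the choice of ECDSA P-256 are assumptions.

```javascript
// Added illustration; all function names and origins are hypothetical.
const ALG = { name: 'ECDSA', namedCurve: 'P-256' };
const SIG = { name: 'ECDSA', hash: 'SHA-256' };
// Browsers and current Node expose globalThis.crypto; older Node needs the module.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}
// Client, once: the private key is non-extractable; the server stores only the public JWK.
async function register() {
  const { subtle } = await getCrypto();
  const pair = await subtle.generateKey(ALG, false, ['sign', 'verify']);
  return { privateKey: pair.privateKey, publicJwk: await subtle.exportKey('jwk', pair.publicKey) };
}
// Server, per login attempt: a fresh random challenge.
async function newChallenge() {
  return (await getCrypto()).getRandomValues(new Uint8Array(32));
}
// The signed message binds the challenge to the origin it was issued for.
function message(origin, challenge) {
  const prefix = new TextEncoder().encode(origin + '\n');
  const out = new Uint8Array(prefix.length + challenge.length);
  out.set(prefix); out.set(challenge, prefix.length);
  return out;
}
// Client: sign the challenge; no reusable secret crosses the wire.
async function signChallenge(privateKey, origin, challenge) {
  const { subtle } = await getCrypto();
  return subtle.sign(SIG, privateKey, message(origin, challenge));
}
// Server: verify with the stored public key.
async function verifyLogin(publicJwk, origin, challenge, signature) {
  const { subtle } = await getCrypto();
  const key = await subtle.importKey('jwk', publicJwk, ALG, false, ['verify']);
  return subtle.verify(SIG, key, signature, message(origin, challenge));
}

async function demo() {
  const origin = 'https://login.example'; // constructed sample origin
  const { privateKey, publicJwk } = await register();
  const [c1, c2] = [await newChallenge(), await newChallenge()];
  const sig = await signChallenge(privateKey, origin, c1);
  return {
    valid: await verifyLogin(publicJwk, origin, c1, sig),
    replayed: await verifyLogin(publicJwk, origin, c2, sig), // old signature, new challenge
    otherOrigin: await verifyLogin(publicJwk, 'https://other.example', c1, sig),
    serverHasPrivateKey: 'd' in publicJwk, // JWK field "d" is the EC private scalar
  };
}
demo().then((r) => console.log(r));
```

Unlike a password, a captured signature is useless for the next login because each attempt signs a different challenge, and the server's stored public key cannot be used to sign in.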



