Is there a difference between HttpRequest and xmlHttpRequest in terms of security? Is one more secure than the other?
Is it more secure to send important data such as passwords via HttpRequest than via xmlHttpRequest ?
Is data packing in both done the same way?
Short answer no. If your posting back to a https server in one and http in another then yes https is more secure. They do the same things internally but are triggered differently and lead to different outcomes. Ajax (xmlHttpRequest ) returns some text - xml or plain by calling a javascript function in same page; a form post navigates to a new page - could be back to same but browser does not care - it needs to re-render.
You can do a secure AJAX posting. Using https shoud be enough, to be extra careful can mask the sensitive data and clear (or change the value) of js variables and form that that holds password after sending to server. see https://stackoverflow.com/questions/12157970/codeigniter-how-can-i-encrypt-password-before-submitting-the-form-to-the-contro
