Set the post of your form to a SSL URL? You will get browser warnings though ('some parts of this page are not secure' or some such).
And with JSF/Richfaces?
Well, JSF does a postback, so I guess one way is to use frames to include your JSF login page into the parent page.
Or just do your login with a plain HTML form.