The cache question is trickier and I'm afraid, I don't see a consistent, reliable solution for this one as a browser won't let a random website dictate how it organizes its RAM. Using this approach, you never trigger a real 'submit event', but only a click event which won't promt the user for saving the password. If the login is successful, return the session key and write it to a cookie or whatever suits your requirements.
Don't set type='submit' but create a button
Most browsers notice when you submit a form, because you click a special button ( type='submit'). An attacker capable of compromising RAM is also capable of logging keystrokes. Please do note that you will never have full control over what the browser stores in RAM, but this is not really a problem.
But we can work out a solution which will achieve what you want in most cases. As this is client-side software, you generally can't. Your goal is effectively to control browser behaviour and prevent it from storing the password which was entered and sent by the user anywhere (neither cache nor password-storage).
