Yggdrasil Password Hashing

I've always wondered why the password in the Yggdrasil Authentication Scheme is passed raw, without hashing it. It's not secure, the password can be, in theory, tracked down.
Could a hash analogue (e.g. /authenticatehash) be created?