Security

AJAX is a as safe as a plain old form + refresh page. In the end it's always an HTTP request. Why do you think that ?

However, from a usability point, make sure that people that disable javascript can still log into your app.

Be sure to use POST method to send your AJAX request, as GET requests, and their params (such as, let's say, plain-text password) might end in your web server logs, unles you are using HTTPS.

Usability

As Grégoire pointed it out:

Also from a usability point, autocomplete won't work for AJAX forms on chrome, and for AJAX-loaded forms in firefox. The browsers won't even propose to remember your password

I can't think of any security implications on using Ajax to handle login and logout. It doesn't matter what you send back and forth (as long as you don't send plain text passwords from server to client) between the ajax and sever side layer, because the session will be the one which will hold the authorization state.

However, you would still have to refresh the page, or redirect to show the appropriate content to the just authorized user. So, I don't think Ajax is going to be effective at this particular situation.

Login through ajax POST should be safe as long as you have a way of preventing the XSRF attacks.It can be done by setting X-CSRFToken header in your ajax request. On the server side you should have some sort of middleware to check and verify your CSRF Token from header.

You can set the csrf token in the cookie and then query it and set it in the header:

var csrftoken = $.cookie('csrftoken');

xhr.setRequestHeader("X-CSRFToken", csrftoken);

(I have used jquery cookie library here to illusrtate )