I'm going to go ahead and leave an answer:
It is impossible to protect from a Man-In-The-Middle attack without SSL. If someone were to launch such an attack, they could simply modify the JavaScript to remove any encryption you are using - or simply use the data after it's been decrypted.
In short: Yes, it's possible to encrypt and decrypt data in JavaScript, however, it is not truly protected.
See this answer for additional information: https://stackoverflow.com/a/6121236/2155492