Ahh I misread. Even still. Directly injecting the password in the source of a JS file for the purposes of checking authentication? That screams naive error to me.