During Ops 101 classes, people with web dev experience very quickly find the password, because they read out the values in localStorage in the JS console.
I'd propose either encoding the values with Base64, or storing it in a different place (like cookies, session store, or indexedDB).
