The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects.

Jesus Rodriguez asks:. My question has to do with JavaScript security. Imagine an auth system where you're using a JavaScript framework like Backbone or AngularJS, and you need secure endpoints.