Dang, phtn.app is nicer than vger.app on desktop! How do "apps" like this work as far as privacy goes? Are you storing user logins/passwords? Or is it "passed though"?
The client doesn't store passwords at all, but the client does store your token in localStorage (it's necessary so that we can make authenticated requests). The only way your account could get hacked is if they gain access to your browser and look through localStorage. If they have access to your computer, you have other problems though. If they do gain access, you can invalidate the JWT by changing your password.