It would be a strong security measure to place your entire Userscript into an IIFE to protect the variables from being accessed in those .user.js engines that run the script in the page scope. Not every version wraps and GM stopped doing that a while back in the 3.x line when using @grant none.

e.g. username could be tampered/read with more easily if you don't... along the lines of what you said with:

it's no longer saved anywhere

(function () {
  // This is an IIFE
  
  var username = 'farow'; // Local function scope instead of global.

  // ...
}();

cuzi's script does this already.

Maybe if you're running scripts with sensitive data on websites you don't trust. Don't quite see the point of hiding a username variable when you end up sending it to the server anyway.

Don't quite see the point of hiding a username variable when you end up sending it to the server anyway.

Then that statement negates the statement you make on the homepage here of:

it's no longer saved anywhere

Technically it is saved in the script compared to the original script which is saved with GM_setValue which is usually more secure than exposing it in the DOM. ;)

Your choice... might want to watch your down votes as this could be a reason why.

Unlikely, that change was there before it was downvoted. The more likely reason is that people got pissed cause the update broke the script for them and they'd have to change the source again to make it work.

GM_setValue

And that would actually break the script for Greasemonkey 4.0+ users. If you feel that this script is "insecure" feel free to remove it.

Re: @Farow:

If you feel that this script is "insecure" feel free to remove it.

There's a reason why I didn't respond to you with my Admin capable account like this. It just seems insecure to a point not enough to remove at this time. Just thought I'd give you a suggestion as a peer. :)