How I Stole Plunker Session Tokens with an Angular Expression

9 points by ryhanson, over 9 years ago

1 comment

filearts, over 9 years ago
Hi all, I'm the one who created the vulnerability (and ultimately fixed it). I'm open to constructive questions.

To all those who cringe, please consider that this code was written while I was learning Angular--and javascript, and html and css, for that matter--while I was still working as a financial professional in a Big 4 accounting firm. Times have changed: I've learned a lot from earlier mistakes and now work as a full-stack developer with Auth0.

Unfortunately, much of the code-base in production Plunker dates from the time when I was new to this whole field and demonstrates two important things:

1. A case-study on inconsistent code style and anti-patterns.

2. Something useful to the community can be produced despite #1.

I co-presented the following talk at ng-conf 2015 that explains this philosophy pretty well: https://www.youtube.com/watch?v=hYXEuQZMLSM