Seems to have been memory holed: <a href="https://web.archive.org/web/20250128092802/https://www.freshpaint.io/blog/rudderstack-collecting-passwords" rel="nofollow">https://web.archive.org/web/20250128092802/https://www.fresh...</a>
I honestly can’t decide what I hate more: the fact that secret values can just be accessed by any JS on the page or that people keep using telemetry libraries and services. Probably the latter, but I am honestly not sure.