The nature of the project is inherently insecure, and it does not help that the project is hosted as a static SPA using GitHub Pages. It is impossible to store any kind of credentials, so the project cannot take advantage of GitHub Apps, which use a client key, nor of OAuth apps, which also use an app ID.
Thus the only reasonable resolution to the security issue is to set up a back-end somewhere, somehow. For now, that is the kind of commitment I cannot afford.