The user now cannot refresh multiple times in 10 seconds, essentially preventing hard rate-limiting from occurring.
The user's location now isn't stored on the device. Before, it was stored in local storage, meaning that if anyone copies Chrome's data, they now have the user's street address and coordinates. Now, it is only stored in session storage, which means that once the user closes their browser, the location is gone. The only stored "personal information" is the forecast url, which is only a general region.
Basically, all that was changed was: