I guess everyone outside of the JS ecosystem, that has auth baked into the framework for decades, is just doing it wrong and riddled with hackers in their systems?