JavaScript has a problem with global state. This problem is known by almost all JavaScript developers and is exacerbated by the presence of the developers console. We can assign a function that is available globally in the success handler of the xhr request which will returned the decrypted authentication information in a read-only manner. The global scope of the closure makes the unencrypted authentication data readable by anyone who requires it