Same here. You can't just access my auth data over the internet.
You would also have to get hold of my machine and get past it's security mechanisms.
You can put as many layers on top of what you call "obscurity". But at the bottom it's still just a simple string that holds the power to authenticate you.
And "multi-factor authentication" does not help with the situation "User is allowed to use this script, so they are also allowed to use that website. Let's open it for them.".
You would also have to get hold of my machine and get past it's security mechanisms.
You can put as many layers on top of what you call "obscurity". But at the bottom it's still just a simple string that holds the power to authenticate you.
And "multi-factor authentication" does not help with the situation "User is allowed to use this script, so they are also allowed to use that website. Let's open it for them.".