Just because you put a warning label on a bad practice doesn't mean it's a good practice.
Pumping your passwords through some random code on Github that has a "be smart" label doesn't make it a good idea.
Would be so easy to imitate you, reupload the code with an exploit. For giggles, if I was making this into a hijack I'd leave all your warnings in and even make them bigger and more obvious, confident in the knowledge that 99%+ of my stolen users wouldn't read the code or would just download the binaries sight unseen.
Well, why shouldn't people who already use insecure software with vulnerabilities (LastPass) without the possibility to even audit the code also run some code written by other people they don't know?
Pumping your passwords through some random code on Github that has a "be smart" label doesn't make it a good idea.
Would be so easy to imitate you, reupload the code with an exploit. For giggles, if I was making this into a hijack I'd leave all your warnings in and even make them bigger and more obvious, confident in the knowledge that 99%+ of my stolen users wouldn't read the code or would just download the binaries sight unseen.