The client doesn’t store passwords at all, but the client does store your token in localStorage (it’s necessary so that we can make authenticated requests). The only way your account could get hacked is if they gain access to your browser and look through localStorage. If they have access to your computer, you have other problems though. If they do gain access, you can invalidate the JWT by changing your password.
It looks like shit on mobile though, only looks half decent on desktop