Pretending to not store effective passwords and attempting to obfuscate the mechanism to less tech savvy users
Stop lying and making stuff up, please.
I haven’t, your code stores effective password access and gives you the ability to control other people’s accounts and you’ve done nothing to secure it in your little php framework and said “just trust me bro, I won’t use your account by proxy even thought this is exactly what this app does”