dataClient logInUser:username password:password]; @try { //success - a token user; username = someuser; uuid = "89469434-4b14-11e3-ae68-ff6ddb9bb1aa"; }; } A hacker could analyze your app and extract the credentials for malicious .