I wonder if the code this user provided us with that links to this script: https://unpkg.com/realm-web@1.2.0/dist/bundle.iife.js is safe to work with, or does it contain any secury breaches that would, for example, allow third parties to read out a user’s freshly changed password?
The URL there is the one that is used in Realm Web Quick Start (you can see it under the CDN tab). Specifically, it refers to version 1.2.0 of the SDK.
I would recommend using the latest version of the SDK instead by linking to https://unpkg.com/realm-web/dist/bundle.iife.js instead of using a specific version, as per the documentation page linked above.