Hi Callum, No, the token only works for your application if you set up the system correctly. So, anyone can grab the token, but it should not work, only when they are operating under your domain name. The website requesting access is encoded in the token. While not 100% safe, it is not as easy to fool as you seem to think.
Regards Sander -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
