Yeah, first off, I would like to tell everyone that we have the administrator of the website the external script is hosted on confirming it is not malicious.
Secondly, the only useful data I could steal are cookies, really, and the only valuable cookie (the one that identifies who you are) is the BNGAuth cookie, which is http-only, meaning it cannot be touched (or even detected) by javascript.
Your data is completely safe, it was just loaded remotely to be a surprise so people that would try to cheat and read the source could not.
Rest assured, I have talked to the mods about this, and everything is k. You'll see on Bungie Day. Thanks, Apoc, for pointing out that concern for me. I appreciate it, but you'll see on Saturday.
[Edited on 07.05.2012 11:17 PM PDT]