Imp Authentication

I have just ‘finished’ a little program to authenticate a web user to an Electric Imp agent. It uses JavaScript (jQuery) for the web client requests - everything is done using AJAX. As is stated unequivocally in the readme, I have no experience designing security systems, so I would not be willing to trust this for anything particularly secure, and it still has a few flaws, but something is surely better than nothing … isn’t it? Have a look, anyway!
Edit: Moved to general since it isn’t really a discrete project, in that it doesn’t do anything new from a control perspective - it simply does it in a (vaguely) secure manner.