Hi everyone,

I've noticed that after I save API token at settings page, I can access the token under asterisk using browser's developer console. This is very insecure, token can be seen by anyone who has access to settings. I suspect GitHub shows token only once due to security risks as well.