This is actually something we thought we removed everywhere. I just grep'd our repo, found one lingering instance, and committed it out (will deploy when the traffic goes down). We understand it's deceptive and recognize the need to communicate to our users why Clef is more secure than usernames and passwords in a straightforward way.