what happens when people blindly trust a button and someone decides to exploit that by making a fake one open a phishing pop up requesting your Facebook credentials? Has this been done?