Remove login functionality and instead point users to a trusted client.

Offering (and normalizing) the functionality of "just enter your matrix server login credentials into random webpages" is hugely problematic. Someone will run a customized version that'll just store the password or access token of all visitors. Please consider actually removing this functionality and point people instead to the room in their trusted client.

This really is a security nightmare waiting to happen. :-(