@TerminalAutism @charliebrownau @furgar Not using unused variables is actually better when it comes to using less memory and shit, though I don't like it to be forced.
But on the other hand, if most developers these days can't code properly, sometimes you need to lecture them, because the end user is the one suffering from it in the end.

Even in PHP when I'm done using a variable on the backend, I always unlink it before loading the frontend to minimalize the potential attack surface.
Or when I have to take out all data from the database because I need all of it except for the password, remember_me token, and password reset date, I manually unlink those so that they will never leave the server side, so they never end up at the client side ready for these being exploited.

And there are ways to hide passwords in things like a confirmation screen by just creating a new variable, taking the length of the actual password itself in a for loop, concatting the new variable with asterisks inside of it, and showing that in the frontend.
But many devs are simply retarded, and just send the user password from the backend to the frontend in an unencrypted HTTP POST request in a web app filled with CDN'd soyscripts, and let it be that at least 1 of them is sniffing these HTTP requests, and you're putting all your users at risk.

I prefer to manage garbage by myself, so GC is just standing in the way for me.