If you're building a web app and dropping JWTs into localStorage, you might be creating a massive security hole without even realizing it.