Using WKScriptMessageHandler to receive sensitive data

My MacOS application has a webview and I've been subclassing WKScriptMessageHandler to handle several messages received from the javascript code.

For a new feature I would like to save user's password in the Keychain, to do so I need to send the password from the Javascript to the Swift codebase. The javascript code would be something like this:

window.webkit.messageHandlers.loginData.postMessage({username: 'john', password: 'p@ss!123'})

Before implementing this approach I would like to know if there are any security vulnerabilities that I should know about. The sensitive data is being sent from the Javascript to the Swift code, so I wonder if it would be possible for someone to intercept it or getting the sensitive data somehow.

Using WKScriptMessageHandler to receive sensitive data
 
 
Q