2

I realize that we can view the JS code in the browser via Inspect element > source or the like. For example, I have the following code and it can be viewed under "source".

$.ajax({
    url: baseUrl + 'location/insert_user_location',
    type: "post",
    data: {address:address,lat:lat,lng:lng,acc:acc},
}).done(function(){
    getUserLocation();
});

Is this insecure, or does it even matter?

Whymarrh
vzhen

5 Answers

3

I don't see why this could be insecure, but you have to always keep in mind that everything that is sent from or computed on the client is possibly insecure and you may not trust this data without verifying that it's valid... never.

Marten
3

Not sure there's much you can do to conceal JavaScript. Even if you "encrypted" or somehow obscured it in transit, eventually it has to be clear for the JavaScript interpreter to use it, which can almost certainly always be seen by some sort of developer or other tool. If it's sensitive data, I'd just avoid putting it in code if it were an important issue.

David W
3

No, it's not insecure, because your location/insert_user_location URI is correctly secured on the server side, right? For the same reason you should not trust client-side form validation and always perform the same validation on the server side.

There is no way to "hide" JavaScript on the client side. No matter how deeply it's hidden and how well obfuscated, a hacker will always be able to analyze it.

Tomasz Nurkiewicz
3

vzhen, anyone can see your JavaScript code if you return it to the user in the browser. There really isn't any security problem with this as long as you don't put private information (such as user passwords or API keys in the JavaScript) and never trust the client.

This means that you should not trust anything which may be sent via Ajax to the server.

DigitalZebra
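
An added example, not code from the question or from any answer: a server-side check of the four fields the question's `$.ajax` call posts, written as a plain JavaScript function that a Node handler for `location/insert_user_location` could call. The function names, the length and accuracy limits, and the sample requests are assumptions made for this illustration.

```javascript
// Server-side check for the fields posted by the question's $.ajax call.
// The limits below are assumptions for this example, not values from the page.
const MAX_ADDRESS_LEN = 200;    // assumed limit
const MAX_ACCURACY_M = 100000;  // assumed: acc is an accuracy radius in metres

// Accept only plain decimal numbers; rejects "", "1e999", "0x10", arrays, objects.
function toFiniteNumber(v) {
  if (typeof v === "number") return Number.isFinite(v) ? v : null;
  if (typeof v !== "string" || !/^-?\d{1,6}(\.\d{1,20})?$/.test(v.trim())) return null;
  return Number(v);
}

// The user the row belongs to must come from the server-side session, never from
// the request body, so this function has no user field to validate.
function validateUserLocation(body) {
  const errors = [];
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body"], value: null };
  }
  const address = typeof body.address === "string" ? body.address.trim() : null;
  if (!address || address.length > MAX_ADDRESS_LEN) errors.push("address");
  const lat = toFiniteNumber(body.lat);
  if (lat === null || lat < -90 || lat > 90) errors.push("lat");
  const lng = toFiniteNumber(body.lng);
  if (lng === null || lng < -180 || lng > 180) errors.push("lng");
  const acc = toFiniteNumber(body.acc);
  if (acc === null || acc < 0 || acc > MAX_ACCURACY_M) errors.push("acc");
  if (errors.length) return { ok: false, errors, value: null };
  // Only the validated, typed values go on to storage; unexpected keys are dropped.
  return { ok: true, errors, value: { address, lat, lng, acc } };
}

// Constructed sample requests: one shaped like what the page's script sends,
// one built by hand outside the browser.
const fromPage = { address: "1 Example St", lat: "48.8584", lng: "2.2945", acc: "25" };
const tampered = { address: ["x"], lat: "999", lng: "2.2945", acc: "-1", isAdmin: "1" };
console.log(validateUserLocation(fromPage));
console.log(validateUserLocation(tampered));
```

The address is stored as received apart from trimming; escaping it for HTML belongs at the point where it is rendered.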
1

Client side validation is your friend in this case. I would not worry too much about your client side code - treat it as exposed for everyone to grab. Cross site scripting would be one concern, other than that put your effort into server and codebase security.

vector