Looks great! let's catch once you can start. As for the login, at the moment, private key is generated out of the combination of username and password, while validity is checked against the database. This approach is similar to bit39 method although I am using self made function.

The backend stores address only, and tries to decrypt it with private key derived from username and password. If unsuccessful, login fails.

This part needs to be changed before releasing anything on main network as it's not secure enough yet, nor properly tested. I am currently looking into existing libraries that are proven against security risks in order to replace the self-made function with something more reliable.

As for the default login, it's intentionally leaved that way so everyone can login and take a look without having to register.