I think the owner of that site is setting himself up for a fail.

The owner heard about my concerns and has taken the site offline.

His mybitcoin.com userid and 'secret' were also exposed in plain text javascript on the site...but I guess that don't matter anymore anyway.

If he has ANY of the game logic running in javascript on the client side, he is doomed.  If the game runs in the client, it would be trivial to edit the code and cheat.

I think there are some firefox plugins that allow you to step through a javascript as its running and edit it along the way as you please.