You did the right thing by digging into the code itself.
The upcoming Package release and the updates thereafter will self-destruct all users' data. This service will have no memory of users' data.
Line 3 of the quoted code has this: show="*", which means that the data is not revealed, just like when entering a password. As the service doesn't keep any user's data, the only way to send funds is to enter that data, as the address alone isn't enough to release funds. Rest assured that this part will be secured further.
There is still a slight possibility that a third party may be able to record the data before it is destroyed, so it is better to use MKP rather than asking the user for the private key.