Changing the account password does not invalidate launcher tokens

This is a bug that allows you to bypass the password after it has been changed, allowing hackers to keep accounts. Just simply have logged in as the account recently, and then change the password. You can still use the play button even though the password has been changed. This would allows hackers to keep hold of account they don't even know the password to, as long as they knew it at some point.