This increases the level of security by preventing reverse engineering of an authentication service process or preventing attacks that try to modify this code.
Encrypted communications and site authentication cues can help shield against such attacks, but the vast majority of Internet activity presently leverages neither defense.
In addition to capturing regular passwords, man-in-the-middle attacks can be used to intercept one-time passcodes offered by traditional two-factor authentication systems.