The Keyboard Maestro wiki page:
actions:Execute a JavaScript in Browser [Keyboard Maestro Wiki]
(in the section Using Keyboard Maestro Variables)
Makes the following point:
Note that because your variables are passed to the web page, any other scripts running on that web page will have access them, and this could be a privacy issue if the information is misused by the web page.
This will typically not pose a problem, but if you are using these actions on pages where you might not want other scripts to be able the read the names and values of all your Keyboard Maestro variables, it's a sensible idea to clear the document.kmvar reference, as soon as you don't need it, by doing things like:
Prefacing the earliest line which no longer needs document.kmvar with a statement like:
document.kmvar = undefined
Or, if you are running more than one Execute JS action on the same page, and don't want one of them to delete document.kmvar before the other consults it, you could conclude the whole macro with a further action like:
It will also be good practice, if you make much use of these browser actions, to minimize the amount of information in documents.kmvar by maximizing your use of temporary Keyboard Maestro variables.
i.e. variables with instance or local prefixes. See under Instance variables in: