User auth is stored in localstorage for simplicity. It's saved and read as a JSON object so you can integrate any persistence layer that supports reading and saving JSON objects.
How do I guarantee the security of my users' info?
You should always make sure to save user passwords as salted hashes and always serve your website via https. Consider using a 3rd party authentication library