Logging in cloaked was by design, but I suppose it's counterproductive for people who just want to use the client, rather than hack on it. Since so many people complained about that I've commented out the parameter which tells PM to cloak the login, so download the code again and you should be good to go.
I cannot use an existing PM cookie; it is a security feature of JS to prevent you from reading the cookies set by other sites. The plan was and is to eventually have a copy of this hosted on PM, so a separate login won't be necessary. I just need the tuits to implement the bits that will be difficult to do in JS (interpret markup) and those I don't have any personal need for (private messages).
Makeshifts last the longest.