Well, it's a client-side script. Of course that's a drawback. If you're trying to say it's better to use server-side scripting for logins, of course you're right.
But like I said, this is the best client-side script I've seen. ca_redwards' script uses the same idea, but it's not as easily modified by newbies, and it also uses the image name as the "redirect" file name, instead of allowing you to modify the URL as Borgtex's script does (which also allows for multiple users very easily)... so Borgtex's script wins handily by it's simplicity and "security" (what there can be in client-side scripting), in my opinion.