That’s the bottom line isn’t it – obfuscation isn’t security. It doesn’t matter how difficult it is or how determined or knowledgeable someone would have to be; if the data is exposed, then it’s not secure.
Even if you encrypted it, well then you’d have to decrypt it again – using client-side code … which the user can see, and use themselves!
Local storage is useful for a whole host of things, but secure information is not one of those things