Okay, I'm going to explain this one more time. Clearly you're on drugs or something, because it's pretty easy to understand.
You log in to the bedrock client, per normal "safe" logins.
You navigate to the local IP of your machine, where the geyser client is listening for login requests.
You type in your Mojang user and pass, which the LOCAL GEYSER client sends to Mojang's auth server, and gets an auth token reply from there.
The geyser client then forwards ONLY THE AUTH TOKEN to the java server that you're wanting to play on.
Literally I don't know how to explain to you that this isn't a site, this isn't some pirate's land that's going to rob you of your precious $25 account. This is a local client that auths with Mojang, THE SAME as the vanilla client and 3rd party launchers, and your login info IS NOT SENT TO THE SERVER THAT YOU'RE LOGGING IN TO.
If you don't trust geyser, don't use it. But don't sit here and tell everyone it's unsafe to use something that's clearly been developed with more brains than you have. I'd trust them with my account info 1000x over again before I would trust you with a basic shopping list for the store.
If you have any questions, ask in the geyserMC discord. I would literally love to see them flame you into a pile of ashes.