One potential issue you should correct is that while the global variable initializer allows you to reference components and their readable properties, the value will be fixed at the time the app is initialized (so likely it's the empty string). Really what you would probably want to do is instead construct your tag in the button click handler so that it reflects the values at runtime.
Second, you're encoding the password into the tag. This in theory could allow for collision attacks, e.g.:
User: example@store.co.uk
Pass: test
and
User: example@store.co
Pass: .uktest
would allow the second user to log in as the first user.