You can use a link to evaluate the variable:
@@#code;Enter the code: <<textbox '_code' '' autofocus>>@@
@@#error;@@
<<button 'Submit'>>
<<if _code is 'blahblahblah'>>
<<set $backer to true>>
<<replace '#error'>><</replace>>
<<replace '#code'>>Backer content unlocked.<</replace>>
<<else>>
<<replace '#error'>>Incorrect code.<</replace>>
<</if>>
<</button>>
It might be wise to at least try a little bit to make the code hard to figure out though. For example, you could open your browser and press f12 to open the console, then type in:
btoa('password')
and press enter. The result will encode the string in base64; for example, "password", as above, looks like:
cGFzc3dvcmQ=
Then you can use the atob() decoding function to mask the password.
@@#code;Enter the code: <<textbox '_code' '' autofocus>>@@
@@#error;@@
<<button 'Submit'>>
<<set _test to atob('cGFzc3dvcmQ=')>>
<<if _code is _test>>
<<set $backer to true>>
<<replace '#error'>><</replace>>
<<replace '#code'>>Backer content unlocked.<</replace>>
<<else>>
<<replace '#error'>>Incorrect code.<</replace>>
<</if>>
<</button>>
You could take further steps to attempt to mask or hide the real password too, but you won't ever stop people who know JavaScript, so meh.