You can use HMACSHA1 handlebars to generate authentication tokens that your website can use to validate or authenticate users' data without including the literal value anywhere in a message body.
This is useful if you wanted to include userId as a merge parameter in your hosted unsubscribe url to take users to a page that is unique to him/her. In the url, the userId will be hashed instead of containing the literal userId value.
The HMACSHA1 helper can be used to encrypt any values, including any field on the user's profile, event fields, or universal merge parameters.
Enable HMACSHA1 handlebars by going to Settings--> Project and adding an HMAC secret. This can be any combination of letters, numbers and symbols. It is similar to setting a password.
You can do this with any user field that exists on the user's profile, as well as the universal fields 'email', 'campaignId', and 'templateId'.
If you need to grab an un-hashed userId from the hosted unsubscribe url, you can simply insert the merge parameter for that field without the HMACSHA1 helper.