I showed this at a webinar a couple of months back but probably should have emailed you as well.
Steps to reproduce:
1. Put some embed code AFTER the parent call in the BearerToken version of p_web.Authenticate in the WebHandler.
2. Save the procedure.
3. Open the procedure. The code has magically moved to BEFORE the parent call.