client secret, client id #5
Description
Don't you think that it is kind of of security issue if i put client secret and client id into javascript? That means that I can fake domain by just changing /etc/hosts file and grant access to what ever I wont?