Google APIs are designed [1] to be accessed on behalf of a Google account holder by client-side code without any server component being involved. The client-side code does not use client_secret, only client_id. There isn't any secret key to steal from the code.
Google APIs are designed [1] to be accessed on behalf of a Google account holder by client-side code without any server component being involved. The client-side code does not use client_secret, only client_id. There isn't any secret key to steal from the code.
[1] https://developers.google.com/accounts/docs/OAuth2UserAgent