I am currently writing a twitter client using javascript, and then found out that many people reminded javascript developers that they did not reveal the "consumer secret". But they never said why.
So why is it so important to hide my user_secret? If someone wants to show my "through My_App" in their application, making the name My_App more famous, why should I worry about anything? In the end, you cannot get any useful information from my user_secret, user information is protected by both https and token_secret.
source
share