Greetings for the day!!!
Putting a secret key inside the code is not an issue, the main keys are API Key and Admin key (if you have created an ACL app). Because if you embedded the API & Admin key inside your code, then any programmer can see those credentials by debugging your source code and that's why we provide 2 level security for app data:
Object level authentication ( ACL)
Also, the server side tools help you in a different way because you can embed the admin key inside your custom code and you can take further action on the top of all services and it will be on the server. Nobody can see your data or your credentials from it.
Please go through this link for more details and let us know if you need any help while integrating it.
We are happy to assist you.