Can somebody elaborate on the meaning of the quotes below.
If the code is actually run on the device well it doesn’t get send to place where the code is hosted - isn’t that correct?
Of course you should be aware of what is in the code so the code doesn’t copy your data to a malicious site - but if you are in control of the code then this shouldn’t be a problem, I expect.
Make Sure You Trust The Author If you’re using code written or hosted by someone else – make sure you trust the author. Experimental Code columns can access any data you pass to them so it’s important you are confident with where it’s going.
(in reality, the code runs on your device, but it’s useful to think of it this way )
So can you pass a secret key to e.g. Cloudinary exposed API in order to get hold on some data from your account there - without passing the secret key to the place where the code is hosted?
Or will the secret key be accessible on the device that runs the app - e.g. by inspecting the code?