How do ensure security in desktop apps?

[345ml]

https://github.com/mironal/electron-oauth-helper/blob/master/example/src/main/config.example.js Isn't there a security concern about using secret information such as client_id and client_secret in the client-side code, as shown in the example?

For example, is it possible for this third party to impersonate the same application? If this concern exists, would it be ideal to build a workflow through the server-side?

I apologize if this is a strange question.