In reference to the article https://help.sap.com/viewer/8b8d6fffe113457094a17701f63e3d6a/GIGYA/en-US/414dfd8070b21014bbc5a10ce40... for making a client-side call to accounts.search, we need to construct a signature that can be passed with the request in order to authorize that request.
As per the article, the partner's secret key should be used to construct the signature.
Is keeping the partner's secret on the client side not a security issue? Anyone can pull the secret key from the app or client page and make unwanted calls.
The secret key should never be exposed to the client side. Whilst accounts.search can be used from the client side using a constructed signature, the signature should be constructed via a secure method on the server side, so the secret key is never exposed client-side.
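
The server-side construction described in the answer, as an added example (not code from the SAP documentation or from either poster). The HMAC-SHA1 base-string layout, the endpoint URL, the query template and the UID format check are assumptions for illustration; the real canonicalization is the one in the linked article. The server signs only queries it builds itself, so the signing endpoint cannot be used to get arbitrary searches signed.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Constructed demo values; a real secret is loaded from a server-side secret store.
PARTNER_SECRET_B64 = base64.b64encode(b"constructed-demo-secret").decode()
SEARCH_URL = "https://accounts.example.invalid/accounts.search"  # placeholder URL

# Server-owned templates (hypothetical): the client names one, never sends query text.
ALLOWED_QUERIES = {"own_profile": "SELECT profile FROM accounts WHERE UID = '{uid}'"}

def _enc(value):
    return quote(str(value), safe="~")  # percent-encode all but unreserved chars

def base_string(method, url, params):
    """Assumed canonical form: METHOD&enc(url)&enc(sorted k=v pairs)."""
    pairs = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), _enc(url), _enc(pairs)])

def sign(secret_b64, method, url, params):
    key = base64.b64decode(secret_b64)
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def build_signed_search(session_uid, query_name, now=None, nonce=None):
    """Return the parameters the browser may send; the secret is never included."""
    if query_name not in ALLOWED_QUERIES:
        raise ValueError("query not allowed")
    # Assumed UID format; reject anything that could alter the query text.
    if not (session_uid.isascii() and session_uid.isalnum()):
        raise ValueError("unexpected UID format")
    params = {
        "query": ALLOWED_QUERIES[query_name].format(uid=session_uid),
        "timestamp": int(now if now is not None else time.time()),
        "nonce": nonce or secrets.token_hex(16),
    }
    params["sig"] = sign(PARTNER_SECRET_B64, "POST", SEARCH_URL, params)
    return params

def verify(secret_b64, method, url, params):
    """Receiver-side check, included so the example can be tested offline."""
    unsigned = {k: v for k, v in params.items() if k != "sig"}
    expected = sign(secret_b64, method, url, unsigned)
    return hmac.compare_digest(expected, params["sig"])
```

The UID passed to `build_signed_search` should come from the authenticated server session, not from a request parameter.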