The client secret should be protected at any cost, if secret is compromised, a new one should be generated and apps authorization will be updated accordingly.