Closed
Description
Hi, I don't know if this is the place to post this, but I'm a newbie and I'm experimenting with this repo to interact directly with files in the browser. I'm using Gatekeeper, which sends back the OAuth token, and I'm using it directly in a script like this to later interact with my repo files:
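    // `code` is the temporary code GitHub appends to the OAuth redirect URL
    $.getJSON('http://lestat.herokuapp.com/authenticate/' + code, function (data) {
      // Gatekeeper answers with a JSON object of the form { "token": "..." }
      var github = new Github({
        token: data.token,
        auth: "oauth"
      });
    });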
I've read that tokens shouldn't be used on the client side for security, and the previous code declares the token client side, but I've tried to access it through the browser console and it's not displayed, so I think it's not accessible, but I'm not sure. Is this approach secure?
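Added example, not part of the original post or of the repo's code: the variable in the snippet above is only hidden from the console by function scope, while the token itself still arrives in the page in an HTTP response and leaves it in an `Authorization` header. The sketch below shows the usual alternative, where the server that exchanges the code keeps the token and hands the browser an opaque `HttpOnly` cookie; `createSession`, `buildUpstreamRequest` and the `example-user/example-repo` allow-list are hypothetical names.

```javascript
// Added example: keep the GitHub OAuth token in server memory only.
const { randomBytes } = require('crypto');

// session id -> OAuth token; the token is never sent to the browser
const sessions = new Map();

// Call this on the server right after exchanging the temporary code for a token.
function createSession(token) {
  const sid = randomBytes(32).toString('hex');
  sessions.set(sid, token);
  // HttpOnly: page scripts cannot read the cookie. Secure: sent over HTTPS only.
  // SameSite=Strict: not attached to requests coming from other sites.
  return { sid, cookie: `sid=${sid}; HttpOnly; Secure; SameSite=Strict; Path=/` };
}

// Hypothetical allow-list: the proxy only reaches file contents of one repository.
const ALLOWED_PATH = /^\/repos\/example-user\/example-repo\/contents\/[\w\-.\/]*$/;
const ALLOWED_METHODS = ['GET', 'PUT'];

// Turn a browser request (cookie, method, path) into options for https.request,
// attaching the token server-side. Returns only a status when the request is refused.
function buildUpstreamRequest(cookieHeader, method, path) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  const token = m ? sessions.get(m[1]) : undefined;
  if (!token) return { status: 401 };          // no session or unknown session id
  if (!ALLOWED_METHODS.includes(method)) return { status: 403 };
  if (!ALLOWED_PATH.test(path) || path.includes('..')) return { status: 403 };
  return {
    status: 200,
    options: {
      hostname: 'api.github.com',
      method,
      path,
      headers: {
        Authorization: `token ${token}`,       // added here, never in the page
        'User-Agent': 'example-proxy',         // GitHub's API requires a User-Agent
      },
    },
  };
}
```

With this layout a script running in the page can still make requests through the proxy while the session lasts, but it cannot copy the token out, and the allow-list bounds what those requests can touch.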