The backend API is open-source, and the secrets are cleared immediately after use from the data store, but I agree this is a good idea.