It is safe to include the app secret in client-side code (the same question is valid for native apps). The app secret has minimal privileges and uncovering it does not pose a risk to your data in any way.
For more information, see http://devcenter.kinvey.com/guides/security
almost 5 years ago
Here's another stab at this same answer : http://calendee.com/are-baas-providers-secure/