Security of bubble.io and its workflows

hello everyone, I apologize in advance for the translation because I am French.

I would like to have your opinion on the security of bubble.io concerning the use of its workflows, I am not talking about backend workflow but rather simple workflows that are executed on the client side

is there a security problem using workflows for example using a stripe api that sends or retrieves information on, a payment, a customer, a connected reseller

is there no possibility of retrieving in the source code of the web page information that can be used by a malicious person?

I am thinking for example of the stripe.js plugin which allows you to do a lot of things in order to obtain payment information or other via workflows.

I also ask you this because in the bubble.io billing system of workflows / units, it is much more consuming for us to move to backend workflows and in order to optimize this workflow / unit consumption as much as possible, I prefer to stay on frontend actions with simple workflows as often as possible

thank you in advance for your feedback

API calls are made from Bubble servers, even if they are called from the frontend . (unless you specifically choose to do it from the frontend, but that can’t be done unwillingly)
So API keys used for API calls are safe inside Bubble server.

On the other hand frontend workflows are entirely visible by the user. Do not ever put there a key you do not want to share.

EDIT : here, link to security doc : API Connector security | Bubble Docs

Even if set to private? :thinking: