You would not embed the client secret to any application unless you are open for public to see and use the secret (most likely not for applications you distribute to public domain).