Twitter API Secret visible in Xibo CMS

I’m not sure if this is a bug or “by design” but I wanted to make sure.
When you create a new app in Twitter you receive a warning that the API Secret should not be visible in your application. I don’t know if they mean that the key should not be visible on te screens, or in the CMS. I can imagine that it is a safety hazard if people can see it, even in the CMS. Just like passwords should allways be displayed as *****

In Xibo, the Twitter API secret is allways visible in the CMS. Is this by design, or would it be better if it were ****?


It’s visible if someone has access to edit modules, which in most cases means super admin, in which case that user has access to everything.

That being said, I guess it wouldn’t hurt to have **** shown there after you initially add the key and save