Security risks not in README

[brentbaum]

This is begging to encourage beginners to publish their OpenAI secret keys in clientside javascript, leaking them. It feels responsible to add a banner in the README to note the security risk & recommend they use a proxy when pushing the application into production.

[johannbuscail]

I'm new to this. What do you mean with using a proxy ?

[dcsaszar]

@johannbuscail

Taken from https://platform.openai.com/docs/api-reference/authentication:

Remember that your API key is a secret! Do not share it with others or expose it in any client-side code (browsers, apps). Production requests must be routed through your own backend server where your API key can be securely loaded from an environment variable or key management service.