From 90ae7dea917c6034e01e084698cd9cb5badb5564 Mon Sep 17 00:00:00 2001 From: Alvaro Jose Date: Sat, 12 Jan 2019 21:59:28 +0100 Subject: [PATCH] Update README.md add comments related to #4 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 7e38034..49b865f 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,13 @@ the login function will return a Promise with the access token and secret refreshToken: *** } ``` + +## Security + +Consider this before you integrate this library in your application: +- It is a bad practice to hardcode `keys` & `secrets` in code that is going to be shipped. +- If you are looking to have your own backend, consider using it for authentication with 3rd party services. [IETF RFC 8252](https://tools.ietf.org/html/rfc8252). + ## Migration V0.x to V1.x - there is no more need for the oauth object, info becomes a basic object with the properties stated in the usage step.
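Review bot: In the second bullet of the new Security section, the RFC 8252 link is appended after the full stop with no connecting words, so the reader cannot tell what it is cited for, and "consider using it" leaves "it" ambiguous. Suggest folding the reference into the sentence, for example "If you have your own backend, consider performing authentication with 3rd party services there instead of in the app; see [IETF RFC 8252](https://tools.ietf.org/html/rfc8252) (OAuth 2.0 for Native Apps)." The first bullet states that hardcoding is bad practice but not why or what to do instead; one clause saying that anything shipped inside the app can be read by whoever has the package would make the advice actionable, and it would connect the two bullets, since the backend is where the secret should live. `keys` and `secrets` are set in code formatting although they are not identifiers from the usage example above, so plain text would be clearer. The section would also sit better directly before the usage example that takes the credentials, so the warning is read before the code is copied.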