Please be sure to keep your admin private key and OAuth key a secret; don't commit them to Github, and take care to not expose them client-side.
I'll try to keep this updated on a best-effort basis, but no guarantees.
If you see a security flaw with this example, please let me know!