go-os | Go OS is a client library for Micro OS | Microservice library

Is there a security issue created by having the clientSecret of Stripe's PaymentIntent API stored in plaintext in the client-side HTML? I'm new to web development and integrated Stripe's PaymentIntent API by following this tutorial: https://stripe.com/docs/payments/accept-a-payment. Unfortunately, they didn't have a guide that was Django specific. The guide was for flask. I did my best improvisation, but I didn't want to go through the trouble of making a specific endpoint for passing PaymentIntent's clientsecret. Instead, I defined a clientSecret variable that I store in plaintext on the client-side via {{ clientsecret}}. To provide some background, I'm using Django 3.0 with django-oscar 2 and python 3.6.

The Stripe guide states, "The client secret should still be handled carefully because it can complete the charge. Do not log it, embed it in URLs, or expose it to anyone but the customer." I don't believe I'm doing this, but I'm afraid that by defining it as a variable that the webpage is given by Django, there is some sort of logging. I'm using https so I believe there are some boundaries against the contents of the webpage being exposed, and it's definitely not exposed in the URL itself.

Let me know what you guys think, not trying to lose someone's money!