variables are exposed its normal for web development this post explains more. If you have something that needs to be secret use backend functions and supabase secrets for example to do that.
There’s a bunch of other posts around that go into more detail on security as well. Pretty sure weweb has a video on it themselves actually