Using Apple Developer Token in Head Meta Tag MusicKit JS

In starting to work with MusicKit JS in a React app, I came across this method for loading the library (no NPM package available) in the documentation here.


This is super easy, but it doesn't seem safe to be putting the developer token in a place where anyone can read it.


<head>
 ...
 <meta name="apple-music-developer-token" content="DEVELOPER-TOKEN">
 <meta name="apple-music-app-name" content="My Cool Web App">
 <meta name="apple-music-app-build" content="1978.4.1">
 ...
</head>



QUESTION: Is this safe, and/or is there a better way to do this?


For the record, I did try the approach of setting up a "musickitloaded" event listener, but I couldn't get it to fire consistently.


Thanks,


Kim
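
Added example, not part of the original post and not Apple's or MusicKit's code: a Node.js check that decodes a developer token the way any visitor reading the meta tag could, and reports how long it is valid and whether it carries an origin restriction. Assumptions: the `origin` claim and the 15777000-second lifetime ceiling are taken from Apple's developer token documentation rather than from this page, and the function names, the 24-hour policy and the sample tokens are constructed for illustration.

```javascript
// Constructed demo, not Apple's code. A developer token is a JWT, so its header
// and claims are only base64url-encoded: any page visitor can read them.
const APPLE_MAX_LIFETIME_S = 15777000; // documented ceiling, about six months

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// preferredMaxS is an assumed local policy (24 h), not an Apple requirement.
// The signature is not verified here; this only reviews what the token grants.
function auditDeveloperToken(token, nowS, preferredMaxS = 86400) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  const findings = [];
  if (header.alg !== "ES256") findings.push("unexpected alg: " + header.alg);
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    findings.push("iat/exp missing or not integers");
  } else {
    const lifetime = claims.exp - claims.iat;
    if (lifetime > APPLE_MAX_LIFETIME_S) findings.push("lifetime above Apple's maximum");
    else if (lifetime > preferredMaxS) findings.push("long-lived: a copied token stays valid for " + lifetime + " s");
    if (claims.exp <= nowS) findings.push("already expired");
  }
  if (!Array.isArray(claims.origin) || claims.origin.length === 0) {
    findings.push("no origin claim: not limited to requests from your site");
  }
  return { header, claims, findings };
}

// Builds an unsigned sample token (placeholder signature) for the demo only.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "ES256", kid: "SAMPLEKEY1" }), enc(claims), "c2FtcGxl"].join(".");
}

const iat = 1700000000; // constructed timestamps and identifiers
const broadToken = makeSampleToken({ iss: "SAMPLETEAM", iat, exp: iat + 15777000 });
const scopedToken = makeSampleToken({
  iss: "SAMPLETEAM", iat, exp: iat + 3600, origin: ["https://app.example"],
});
for (const t of [broadToken, scopedToken]) {
  console.log(auditDeveloperToken(t, iat + 60).findings);
}
```

The private key used to sign the token never appears in the page; what the meta tag exposes is the signed token itself, so its lifetime and origin list bound what a copy can be used for.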