Is it secure?

[AurimasNorkus]

Hi,

Is it secure to use this plugin? Because we provide secret API key to application and we can do charges only with application without server side request, i see that in test mode. Or in wrapped Cordova application there is no hacks how to get that key from released application?

How i imagine that should be like a standard: you send Card info to Stripe, get token then send that token to your API and then your API request stripe for real charge?

Is it possible without plugin using only stripe.js get these things work? But for that need HTTPS, could it be possible for Cordova application?