Are there limitations to using the secret key for authorizing access in my app?

The Secret Key should only be used on a secure server since it's tasked with authorizing read/write access to channels.

The Secret Key is used in the PUBNUB. init (or constructor) call once to initialize the SDK on the authorization server.