Firebase Custom Authentication: Security of Firebase Secret in JavaScript

I would like to use Firebase Custom Authentication in my Angular app. This action is realy simple:

var FirebaseTokenGenerator = require("firebase-token-generator");
var tokenGenerator = new FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
var token = tokenGenerator.createToken({ uid: "uniqueId1", some: "arbitrary", data: "here" });

But there is a warning about security of Firebase Secret in the doc page:

Firebase JWTs should always be generated on a trusted server so that the Firebase app secret which is needed to generate them can be kept private.

I am wondering how can I keep my Firebase Secret private if everyone can view my JavaScript source code and read the Firebase Secret there? Am I missing something or there is no possibility to do this in JavaScript?