So I'm in the final stretch of implementing the account login for our site which runs on php/javascript. The whole process of resetting a users password comes down to one function call now. PlayFabAdminAPI.ResetPassword
My issue here is that it seems to require access to our secret key for authentication. I'm not too keen on putting this information on any forward facing element. Especially in Javascript where it's not too hard to find variables if you know what you are looking for.
What's the proper process here for calling the admin API for resetting a password?