I'm using Mirror for the networking side and it's recommended that I use the same project for both the client and server builds. The problem is more of a security issue because I do recall that having the developer secret key in the client build makes a security hole. I can't really trim out the code between client and server because of the same project thing and the PlayFabMultiplayerAgentAPI needs server API enabled.
The question is, will the secret key be exposed if I use the extension and enable the server API?