Hey Tim,
You actually want to do your best not to expose your client_secret (in general, not just for the Imgur API).
If someone obtains your ID/secret pair, they can stand up an application that pretends to be yours. If anyone authenticates with it, the attacker could take actions on behalf of their account under your application name.
Ways to avoid this are keeping credentials in server-side code and using environment variables when open sourcing code.
Hope this clears up any confusion!
Best,
Jasdev
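
Added example, not part of the reply above and not Imgur's own code: a server-side loader that reads the ID/secret pair from environment variables, fails closed when one is missing, and keeps the secret out of logs and client-bound output. The variable names `IMGUR_CLIENT_ID` and `IMGUR_CLIENT_SECRET`, and all class and function names, are assumptions made for illustration.

```python
import os
from dataclasses import dataclass, field


class MissingCredentialError(RuntimeError):
    """Raised when a required credential is absent from the environment."""


@dataclass(frozen=True)
class OAuthCredentials:
    client_id: str
    # repr=False keeps the secret out of logs, tracebacks and debug output.
    client_secret: str = field(repr=False)

    def public_config(self) -> dict:
        """Only values that may be shipped to a browser or mobile client."""
        return {"client_id": self.client_id}


def load_credentials(env=os.environ) -> OAuthCredentials:
    """Read the ID/secret pair from the environment; fail closed if unset."""
    values = {}
    for name in ("IMGUR_CLIENT_ID", "IMGUR_CLIENT_SECRET"):  # assumed names
        value = env.get(name, "").strip()
        if not value:
            # Name the variable in the error, never echo a partial value.
            raise MissingCredentialError(f"{name} is not set")
        values[name] = value
    return OAuthCredentials(values["IMGUR_CLIENT_ID"], values["IMGUR_CLIENT_SECRET"])


def assert_not_leaked(creds: OAuthCredentials, outbound: str) -> None:
    """Guard for anything rendered to clients or written to logs."""
    if creds.client_secret in outbound:
        raise ValueError("client_secret found in client-bound output")


if __name__ == "__main__":
    # Constructed sample environment; real values come from the deployment,
    # not from a file committed to the repository.
    sample_env = {"IMGUR_CLIENT_ID": "example-id",
                  "IMGUR_CLIENT_SECRET": "example-secret"}
    creds = load_credentials(sample_env)
    print(creds)                  # the secret field is omitted from the repr
    print(creds.public_config())  # safe to send to the client
```
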