This is because we believe that native or desktop apps will likely have the application secret embedded somewhere (and, as a consequence, the application access token created using that secret is not protected).