Merge pull request #3978 from chenseanxy/patch-1

Part 2e: clarify security implications of API keys from client

Author: vejol

src/content/2/en/part2e.md

@@ -605,7 +605,7 @@ If you use Open weather map, [here](https://openweathermap.org/weather-condition
 
 **NB:** In some browsers (such as Firefox) the chosen API might send an error response, which indicates that HTTPS encryption is not supported, although the request URL starts with _http://_. This issue can be fixed by completing the exercise using Chrome.
 
-**NB:** You need an api-key to use almost every weather service. Do not save the api-key to source control! Nor hardcode the api-key to your source code. Instead use an [environment variable](https://vitejs.dev/guide/env-and-mode.html) to save the key.
+**NB:** You need an api-key to use almost every weather service. Do not save the api-key to source control! Nor hardcode the api-key to your source code. Instead use an [environment variable](https://vitejs.dev/guide/env-and-mode.html) to save the key. Also in real-life applications, it's considered insecure sending these keys directly from the browser, as anyone who can open the dev console would be able to intercept your keys! Consider building and deploying an API proxy in these cases.
 
 Assuming the api-key is <i>54l41n3n4v41m34rv0</i>, when the application is started like so: