Comment 2 for bug 1554040

Alberto Mardegan (mardy) wrote :

The importance is a bit arbitrary. From the security point of view, there is really no benefit in having this feature.

However, there is a real case for it, because service providers might have some guidelines on where the application keys can appear and where they cannot: I recall Ken telling me that Twitter was unhappy about having the application keys visible in Gwibber's source code, and just moving them to the debian/rules files made them happier. It's illogical, but it can happen.

There is anyway another reason why this feature is needed: in some cases, authentication parameters are known only at run time, and therefore cannot be encoded in any static file. The example (and the reason why I hurried to fix this bug) is UbuntuOne, whose "TokenName" parameter is based on the device's hostname, which is changeable.