Securing API Credentials

This article has some good points about having Secrets, but sadly the main point it makes is just to not have any (which is unavoidable).

You’ve done it, you have some kind of secrets file and you do not commit it to GitHub by using the .gitignore.

No, the secret is in your app bundle. The app reviewers don’t care about the code, only how the app works.

Technically, someone who has jailbroken their phone can see a lot more, but also think of your users: are they people who are likely to jailbreak a phone and do this?
But overall that risk is minimal.
There’s always a way to reverse engineer something, just think of the likelihood of this happening.
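
As an added example (not part of the original post): a pre-release check that opens the built app archive and lists plist keys that look like credentials, which shows that a file kept out of Git with .gitignore still ships inside the bundle. The archive contents, key names and the name pattern are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

# Hypothetical key-name pattern (an assumption); extend it to match your own naming.
SECRET_NAME = re.compile(r"(api[_-]?key|secret|token|password)", re.I)

def build_sample_ipa() -> bytes:
    """Construct a tiny IPA-like archive in memory (sample data, not a real app)."""
    info = {"CFBundleName": "Demo", "WeatherAPIKey": "CONSTRUCTED-EXAMPLE-KEY-123"}
    secrets = {"clientSecret": "CONSTRUCTED-SECRET"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # Info.plist is written in binary form, as it usually is in a shipped app.
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/Secrets.plist", plistlib.dumps(secrets))
        z.writestr("Payload/Demo.app/Assets.txt", "no credentials here")
    return buf.getvalue()

def walk(node, path=""):
    """Yield (key_path, value) for every string leaf in a parsed plist."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}/{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def find_bundled_secrets(ipa_bytes: bytes):
    """Return sorted (file, key_path) pairs whose key name looks like a credential."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".plist"):
                continue
            try:
                data = plistlib.loads(z.read(name))  # handles XML and binary plists
            except Exception:
                continue  # not a parseable plist; skip it
            for key_path, _value in walk(data):
                if SECRET_NAME.search(key_path):
                    hits.append((name, key_path))
    return sorted(hits)

if __name__ == "__main__":
    for file, key in find_bundled_secrets(build_sample_ipa()):
        print(f"{file}: {key}")
```

Every hit is a value that anyone with a copy of the app archive can read, so it is worth running a check like this against the release build rather than the source tree.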