Handle sensitive data carefully in frontend code.
Don't expose in client:
- API keys and secrets
- Internal IDs that reveal information
- Other users' private data
Be careful with:
- Browser history (don't put sensitive data in URLs)
- Console logs (remove before production)
- Error messages (don't leak internal details)
- Autocomplete (disable for sensitive fields)
Data minimization: Only request and store what you need.
Interview tip: Discuss what data belongs in frontend vs backend.