Perhaps as an added layer of security, encrypt the secret values for the app deployed in the cloud that uses secrets.
In the event of a breach on either the developer or Streamlit, these secrets will remain secure and not be exposed.
You can make this as an option. Encrypt or not. The developer can choose.