Secrets embedded in code can be exposed, leading to unauthorized access and security incidents. This is why developers should handle secrets carefully and never hard-code them into source code or commit them to version control systems. Instead, secrets should be stored securely using secret management tools and accessed through secure methods, such as environment variables. Sonar provides secrets detection features that can help detect whether secrets have leaked into the code, both in the IDE and in the Continuous Integration pipeline.
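As an added illustration (not Sonar's detection logic, and not code from the original page), the sketch below shows the kind of check a secrets scanner performs: it flags quoted literals assigned to credential-like names while leaving environment-variable lookups alone. The pattern, thresholds, placeholder list and sample source are all assumptions chosen for the example.

```python
import math
import re

# Assignment of a quoted literal to a name that looks like a credential.
ASSIGNMENT = re.compile(
    r"""(?ix)\b([a-z0-9_]*(?:password|passwd|secret|token|api_?key)[a-z0-9_]*)
        \s*[:=]\s*(["'])(.+?)\2"""
)
PLACEHOLDERS = {"changeme", "example", "placeholder", "xxxx", "your-key-here"}

def shannon_entropy(value):
    """Bits per character; random keys score higher than dictionary words."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan(source, min_entropy=3.0, min_length=12):
    """Return (line_number, variable_name) for each likely hard-coded secret."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        match = ASSIGNMENT.search(line)
        if not match:
            continue  # no literal assigned to a credential-like name
        name, value = match.group(1), match.group(3)
        if value.lower() in PLACEHOLDERS or len(value) < min_length:
            continue  # obvious dummy value, not worth reporting
        if shannon_entropy(value) >= min_entropy:
            findings.append((number, name))
    return findings

# Constructed sample input: none of these values is a real credential.
SAMPLE = '''\
import os
API_KEY = "q7Zp2LmX9vRt4KdW8sYb"
db_password = os.environ["DB_PASSWORD"]
token = "changeme"
session_secret = 'f3A9kQ0zT1uV6wE2'
greeting = "hello world, this is fine"
'''

if __name__ == "__main__":
    for number, name in scan(SAMPLE):
        print(f"line {number}: possible hard-coded secret in {name}")
```

The finding reports only the line number and variable name, never the matched value, so the scanner's own output does not leak the secret into CI logs.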