You are right, not only it is not a good idea but it is also against the terms of service. You must keep your secret protected at all times. You’ll have to use some kind of back-end server to manage tokens.
I wrote an open source “proxy” in Ruby/Sinatra to help out people who doesn’t want to write a lot of back-end code. Writing your own implementation in NodeJS is not too hard either if you prefer. There are some Community Created Libraries & Resources to help you with that.
If you wanna give the proxy a try you can easily deploy it to Heroku using your free tier by clicking the “Deploy to Heroku” button. https://gitlab.com/francisschiavo/blizzard-api-proxy
I’m not aware of any safe alternative without the need of a back-end server, you might wanna ask around on the Community Discord Server to see if there is something.