Question regarding the security of tokens

Hey everyone,

I'm not sure if this question is appropriate for an issue; feel free to let me know if it’s okay or if I should use another communication channel.

I have a question regarding the security of tokens. My use case requires non-exposable tokens, and after reviewing the UI, code, and database, I noticed that tokens are stored as plain text in the database, as well as in the feed type settings.

First, could you explain the reasoning behind this design choice? Are there any current or future plans for making the tokens non-exposable, perhaps by implementing a hashing process?

Additionally, I’m wondering if making the tokens non-viewable would even help, considering they can technically be accessed by inspecting the response header in an HTTP GET request.

Just to clarify, I'm not trying to criticize anyone’s work—I'm genuinely interested in gaining a deeper understanding of this topic.