The community member who posted the original question is asking whether storing an access token as a string on the global root is still secure, or if it needs to be part of a resource. The comments suggest that only Resource and GraphQL can securely store secrets, and that the access token should not appear in client code if not rendered in a prop or text content. However, there is no explicitly marked answer to the original question.
