The API key and secret are currently put into Info.plist during implementation. Since Info.plist is insecure by default, malicious developers could add new apps to our workspace by creating new apps with dummy Bundle IDs.
This would also further simplify Shake implementation process and make it more similar to other SDKs on the market.
The same thing happens with AndroidManifest.xml on Android.