GAPI users? Make sure you're not displaying errors publicly!

[teppo]

Google has killed off one of their pre-oAuth authentication methods, and the popular GAPI library is still relying on it.

In case that anyone here happens to use said library for communicating with Google Analytics, please make sure that you're not running it in an environment where errors are publicly displayed. This is especially important if the GAPI authentication request isn't properly wrapped with try..catch, since the stack trace will contain Google credentials as-is, i.e. unencoded and publicly visible.

Just a word of warning, since currently a simple Google search will result in a whole lot of sites with exactly this issue, and with plain-text credentials (partly or completely) visible.